I decided to trade my perfect 100% SSL Labs score for activating TLS 1.3 on my website. Not that any of this matters, since this is a static blog. The good news is that AES256 is preferred over AES128 in the cipher suite order.
TLS_AES_256_GCM_SHA384 (0x1302) ECDH secp384r1 (eq. 7680 bits RSA)
TLS_CHACHA20_POLY1305_SHA256 (0x1303) ECDH secp384r1 (eq. 7680 bits RSA)
TLS_AES_128_GCM_SHA256 (0x1301) ECDH secp384r1 (eq. 7680 bits RSA)
Activating TLSv1.3 on Nginx is trivial and done by adding TLSv1.3 in front of TLSv1.2 for the ssl_protocols directive.
ssl_protocols TLSv1.3 TLSv1.2;
And don’t forget to restart your server with service nginx restart.
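To confirm the change landed in every server block, here is a small audit of the ssl_protocols directive. It is an added example, not part of the original post; the function names, the LEGACY set and the sample configuration are assumptions made for illustration.

```python
import re

# Protocol names that should no longer be offered
# (SSLv3 deprecated by RFC 7568, TLS 1.0/1.1 by RFC 8996).
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}

def ssl_protocols_directives(config_text):
    """Yield (line_number, [protocols]) for every ssl_protocols directive."""
    # Strip comments but keep newlines so line numbers stay correct.
    # Simplification: a '#' inside a quoted string is treated as a comment too.
    text = re.sub(r"#[^\n]*", "", config_text)
    # The lookbehind skips other directives such as proxy_ssl_protocols.
    for m in re.finditer(r"(?<![\w-])ssl_protocols\s+([^;{}]*);", text):
        line_no = text.count("\n", 0, m.start()) + 1
        yield line_no, m.group(1).split()

def audit(config_text):
    """Return a list of (line_number, severity, message) findings."""
    findings = []
    directives = list(ssl_protocols_directives(config_text))
    if not directives:
        findings.append((0, "warn", "no ssl_protocols directive: nginx built-in default applies"))
    for line_no, protos in directives:
        enabled = set(protos)  # nginx treats the list as a set; order is not significant
        legacy = sorted(enabled & LEGACY)
        if legacy:
            findings.append((line_no, "fail", "legacy protocols enabled: " + " ".join(legacy)))
        if "TLSv1.3" not in enabled:
            findings.append((line_no, "fail", "TLSv1.3 not enabled"))
        elif not legacy:
            findings.append((line_no, "ok", "enabled: " + " ".join(sorted(enabled))))
    return findings

# Constructed sample configuration, not taken from the post.
SAMPLE = """\
server {
    server_name blog.example;
    ssl_protocols TLSv1.3 TLSv1.2;
}
server {
    server_name old.example;
    # ssl_protocols TLSv1.3 TLSv1.2;
    ssl_protocols TLSv1 TLSv1.1
                  TLSv1.2;
}
"""

if __name__ == "__main__":
    for line_no, severity, message in audit(SAMPLE):
        print(f"line {line_no}: [{severity}] {message}")
```

To audit a live server, pass the output of nginx -T (the full configuration dump) to audit() instead of SAMPLE.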