Comment # 25 on bug 1135550 from 
Faced the weird behavior of chipper for TLS1.3.
https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites

openssl ciphers -s -v ECDHE | grep TLSv1.3
TLS_AES_256_GCM_SHA384  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(256) Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any      Au=any 
Enc=CHACHA20/POLY1305(256) Mac=AEAD
TLS_AES_128_GCM_SHA256  TLSv1.3 Kx=any      Au=any  Enc=AESGCM(128) Mac=AEAD

but
openssl ciphers TLS_CHACHA20_POLY1305_SHA256
or
openssl ciphers TLS_AES_256_GCM_SHA384

Error in cipher list
140013550158336:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher
match:ssl/ssl_lib.c:2549:

In Apache
SSLCipherSuite TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256

Unable to configure permitted SSL ciphers
SSL Library Error: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no
cipher match
Fatal error initialising mod_ssl, exiting.

Is this something I don���t understand, or is it an openssl bug?

I want the TLS1.3 chippers to be installed only the necessary and in the wrong
order.
How to do it?

If this is a bug, I will create a separate report.

You are receiving this mail because: