(In reply to �������� ������������ from comment #25) > openssl ciphers -s -v ECDHE | grep TLSv1.3 > TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD > TLS_CHACHA20_POLY1305_SHA256 TLSv1.3 Kx=any Au=any > Enc=CHACHA20/POLY1305(256) Mac=AEAD > TLS_AES_128_GCM_SHA256 TLSv1.3 Kx=any Au=any Enc=AESGCM(128) Mac=AEAD > > but > openssl ciphers TLS_CHACHA20_POLY1305_SHA256 > or > openssl ciphers TLS_AES_256_GCM_SHA384 > > Error in cipher list > 140013550158336:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no > cipher match:ssl/ssl_lib.c:2549: The TLS 1.3 ciphersuites work and are configured in a different way than the old <= TLS 1.2 ciphers. You need the --ciphersuites parameter. So try something along: openssl ciphers --ciphersuites TLS_CHACHA20_POLY1305_SHA256 -s -tls1_3 The -s -tls1_3 limit the list to TLS 1.3 ciphers, otherwise TLS 1.2 ciphers are also included in the list. > https://wiki.openssl.org/index.php/TLS1.3#Ciphersuites All the information is listed in the link above. > In Apache > SSLCipherSuite TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256 > > Unable to configure permitted SSL ciphers > SSL Library Error: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no > cipher match > Fatal error initialising mod_ssl, exiting. According to the docs at https://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslciphersuite, the correct syntax is: SSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 > Is this something I don���t understand, or is it an openssl bug? It's how it works, unfortunately due to the difference in the ciphers in TLS 1.2/1.3. > I want the TLS1.3 chippers to be installed only the necessary and in the > wrong order. > How to do it? I don't understand what you mean by this. All the five implemented TLS 1.3 ciphers are perfectly safe. > If this is a bug, I will create a separate report. Not a bug.