[GH-ISSUE #2268] Connexion to backend proxied server serving HTTPS over TLSv1.3 only will fail #1616

Closed
opened 2026-02-26 07:31:47 +03:00 by kerem · 2 comments

Originally created by @bynicolas on GitHub (Sep 17, 2022).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/2268

If we reverse proxy to an internal server that is serving content explicitly and only over TLSv1.3, then you will get a `502 Bad Gateway` error.

I did some digging and the issue is clearly happening in the server block of the proxy. You can find the discussions here https://forum.nginx.org/read.php?11,294147 and here https://unix.stackexchange.com/questions/706074/nginx-reverse-proxy-fails-with-tlsv1-3-on-backend-servers

So this is easily fixable by adding `proxy_ssl_protocols TLSv1.3;` to the **Custom Nginx Configuration** block in the **Advanced** tab of the proxy host in question.

Having to manually edit each host is not ideal though; this should maybe be improved in a future release as TLSv1.3 is more widely used.

Maybe adding a toggle switch saying something like *TLSv1.3 only destination* on the details or SSL tabs to enable this setting?

**Nginx Proxy Manager Version**
v2.9.18
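An added example, not part of the original issue or of the project's code: a small audit that reads nginx configuration text and reports, per `server` block with an HTTPS upstream, whether `proxy_ssl_protocols` lists TLSv1.3, so hosts still needing the manual edit described above can be found in one pass. The sample config, the host names and the `set $forward_scheme https;` pattern for generated proxy-host files are assumptions.

```python
import re

# Constructed sample resembling generated proxy-host files (assumption, not from the issue).
SAMPLE = """
server { server_name app.example.test; set $forward_scheme https;
  location / { proxy_pass $forward_scheme://10.0.0.5:8443; } }
server { server_name wiki.example.test;
  location / { proxy_ssl_protocols TLSv1.2; proxy_pass https://10.0.0.6:443; } }
server { server_name git.example.test;
  location / { proxy_ssl_protocols TLSv1.3; proxy_pass https://10.0.0.7:443; } }
server { server_name plain.example.test;
  location / { proxy_pass http://10.0.0.8:80; } }
"""

def server_blocks(text):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    text = re.sub(r"#[^\n]*", "", text)  # drop comments so their braces are ignored
    for m in re.finditer(r"\bserver\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(text):
    """Return {server_name: status} for every block that proxies to an HTTPS upstream."""
    report = {}
    for body in server_blocks(text):
        # HTTPS upstream: literal scheme, or the assumed $forward_scheme variable.
        if not re.search(r"proxy_pass\s+https://|set\s+\$forward_scheme\s+https\s*;", body):
            continue
        name = re.search(r"server_name\s+([^;\s]+)", body)
        protos = re.search(r"proxy_ssl_protocols\s+([^;]+);", body)
        if protos is None:
            status = "unset"  # falls back to nginx's built-in default protocol list
        elif "TLSv1.3" in protos.group(1).split():
            status = "ok"
        else:
            status = "excludes TLSv1.3"
        report[name.group(1) if name else "?"] = status
    return report

if __name__ == "__main__":
    for host, status in audit(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as `unset` or `excludes TLSv1.3` are the ones that would return `502 Bad Gateway` against a TLSv1.3-only backend of the kind the issue describes.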

kerem 2026-02-26 07:31:47 +03:00
  • closed this issue
  • added the bug label

@the1ts commented on GitHub (Sep 17, 2022):

@bynicolas it's already waiting for merging (#2045).


@bynicolas commented on GitHub (Sep 19, 2022):

Cool, that's great. Sorry about the bug report then, I guess my search terms weren't wide enough!
