zlacker

   echo|bssl s_client -connect 50.112.136.166:443 -min-version tls1.3

   Connecting to 50.112.136.166:443
   Error while connecting: TLSV1_ALERT_PROTOCOL_VERSION
   94922006718056:error:1000042e:SSL routines:OPENSSL_internal:TLSV1_ALERT_PROTOCOL_VERSION:/home/bssl/boringssl-refs-heads-master/ssl/tls_record.cc:594:SSL alert number 70

>>1vuio0+(OP)
For a moment I thought about a SNI issue but no, you are right:

Version: 2.0.7 OpenSSL 1.1.1n 15 Mar 2022

Connected to 50.112.136.166

Testing SSL server news.ycombinator.com on port 443 using SNI name news.ycombinator.com

  SSL/TLS Protocols:

SSLv2 disabled SSLv3 disabled TLSv1.0 enabled TLSv1.1 enabled TLSv1.2 enabled TLSv1.3 disabled

>>1vuio0+(OP)
That still doesn't mean you can't use TLS 1.3 on AWS. For example, I have a Cloudfront-based site I haven't touched in years that works just fine with TLS 1.3.

>>wging+U61
"Unlike CF, AWS does not support TLS1.3. This is not working while HN uses the AWS IP."

The context of the above statement was the HN site, not every site that uses AWS.

Specifically, I mean that if HN uses CF, then TLS1.3 will be supported. (Before the outage I accessd HN through CF so I could use TLS1.3, because the M5 hosted site did not support it.) Whereas if HN uses AWS, then TLS1.3 may or may not be supported. As it happens, there is no support.^1

Not being more clear is on me and I apologise that the statement was misinterpreted. Nevertheless, the fact that there are other sites accessed through AWS that support TLS1.3 does not help the HN user here who wants to use TLS1.3, namely, me. That is the context of the comment: accessing HN using TLS1.3. It is not a review of AWS. It is a statement about accessing HN with TLS1.3.

1. For example, those using Cloudfront CDN services.