TLS1.2 handshake completely broken using openssl-1.1.1 compiled with enable_tls13 if cipher list don't include tls-1.3 supported cipher.

[EmericBr]

You should consider to fall back on lower protocol version if the cipher list dos not contain mandatory ciphers for tls1.3 (with a warning).

Currently a a user upgrading to openssl-1.1.1 with enable tls1.3 compiled shows all his handshakes broken if he configured a cipher list compliant with tls1.2 but not tls1.3. Even if the clients supports only TLS 1.2

[richsalz]

Please read the blog entry, https://www.openssl.org/blog/blog/2017/05/04/tlsv1.3/

[mattcaswell]

Currently a a user upgrading to openssl-1.1.1 with enable tls1.3 compiled shows all his handshakes broken if he configured a cipher list compliant with tls1.2 but not tls1.3. Even if the clients supports only TLS 1.2

This was a deliberate design choice. If you enable TLSv1.3 and do not enable any TLSv1.3 ciphersuites then that is a bad configuration that needs to be fixed. It is better to error out as soon as we detect that condition to enable the user to correct it. Leaving it until we actually see a TLSv1.3 client and only fail at that point will lead to sporadic failures (TLSv1.3 clients will be rare to start off with) where it would be much harder to identify the problem.