Apache configuration does not specify which TLSv1.3 ciphers to use.

[tsteiner]

This tool currently enables all TLSv1.3 ciphers that are available to Apache, including 0x13,0x04/TLS_AES_128_CCM_SHA256, which is not included in any of the recommended lists. In order to set the list of TLSv1.3 ciphers, the SSLCipherSuite option must be used with two arguments, the first being "TLSv1.3", and the second being the list of TLSv1.3 ciphers. So, to enable just the three ciphers currently listed (and no more), the following line should be added to the config in addition to the existing "SSLCipherSuite" line:
SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256

[gstrauss]

@tsteiner thank you for reporting this.

While flexible for configuration, that is not very admin-friendly behavior from Apache to require additional configuration for expected behavior.

Aside: I wonder if Fedora's default configuration needs additional line(s) for TLSv1.3
https://src.fedoraproject.org/rpms/httpd/blob/rawhide/f/ssl.conf

SSLCipherSuite PROFILE=SYSTEM
SSLProxyCipherSuite PROFILE=SYSTEM

UNTESTED: Does the missing SSLCipherSuite TLSv1.3 ... mean that Apache is not using PROFILE=SYSTEM for TLSv1.3?

[gstrauss]

The value in Debian looks dated and perhaps has not been reviewed in many years.

https://sources.debian.org/src/apache2/2.4.63-1/debian/config-dir/mods-available/ssl.conf/
SSLCipherSuite HIGH:!aNULL