tls 1.3 ciphers not getting updated through ssl-ciphers

[ajsmksja]

We are using the customized version of Nginx ingress controller, v1.11.3 and are trying to set openssl ciphers using the ssl-ciphers and still the list of ciphers under "ssl-ciphers" in the nginx.conf still have the same default list of ciphers, unaltered.

tried:

ssl-ciphers: TLS_AES_128_GCM_SHA256

ciphers unaltered:
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';

However,Setting the ciphers using ssl_conf_comand in http-snippet http-snippet: ssl_conf_command Ciphersuites TLS_CHACHA20_POLY1305_SHA256; seems to work
only if one of the below 3 ciphersTLS_AES_256_GCM_SHA384,TLS_CHACHA20_POLY1305_SHA256,TLS_AES_128_GCM_SHA256 are used .If any other cipher apart from these 3 are used the cipher is ignored. Could you please let us know the reason and help in understanding this better.
considering, allow-snippet-annotations suggested to be false due to security concerns.

[k8s-ci-robot]

This issue is currently awaiting triage.

If Ingress contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.