Currently the maximum supported seems to be TLS 1.2.
The relevant config for nginx:
ssl_protocols TLSv1.2 TLSv1.3;
Since the certs are provided by Let's Encrypt: if the certificates installation in nginx is managed by certbot, you can edit the file at
/etc/letsencrypt/options-ssl-nginx.conf (at least on debian-based distros).
I won't fight tooth and nail about it but configuration files exist for a reason and offering a more recent version of a security protocol doesn't seem like a very difficult change, especially since it's just one config line.
For the record I asked: http://mailman.nginx.org/pipermail/nginx-devel/2020-September/013467.html
There are still blockers for them to enable it by default:
Looks like this is the main blocker:
It doesn't look to hard to write the necessary patch. Good luck!