nginx allows TLS 1.1 connection even though configuration only permits TLSv1.2

I am testing my website using ssllabs and getting a **B ** grade because TLS 1.0 and TLS 1.1 are allowed.
However, to the best of my understanding my nginx configuration should not allow TLS 1.0 and TLS 1.1.

In nginx.conf I have:

http {
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
}

Also, under /etc/nginx/sites-enabled/ I have a host specific conf file with the following configuration:

server {
    listen 443 ssl;
    listen [::]:443 ipv6only=on;
    server_name www.mydomain.com;


    ssl_certificate /etc/nginx/ssl/mycert.crt;
    ssl_certificate_key /etc/nginx/ssl/my.key;

    **ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;**
}

OS: alpine
nginx version:

nginx/1.22.1
built with OpenSSL 3.0.5 5 Jul 2022 (running with OpenSSL 3.0.8 7 Feb 2023)
TLS SNI support enabled

This is running as docker container under aws-lightsail container service.

I also tried adding a default server configuration and tried listing explicit list of strong ciphers but both of these did not help.

I can connect to my website using openssl with TLSv1.1 (openssl s_client -connect www.mydomain.com:443 -tls1_1):
I am getting a TLS 1.1 connection with cipher ECDHE-RSA-AES128-SHA which according to my understanding should not be allowed.