Welcome! Log In Create A New Profile

Re: Getting forward secrecy enabled

Forum List Message List New Topic Print View

Sergey Budnevitch

October 03, 2013 08:38AM

On 2 Oct2013, at 15:08 , Vahan Yerkanian <vahan@helix.am> wrote:

> On Oct 2, 2013, at 9:57 AM, justin <nginx-forum@nginx.us> wrote:
>
>> I don't compile nginx, I get it from the official CentOS repo:
>>
>> [nginx]
>> name=nginx repo
>> baseurl=http://nginx.org/packages/centos/6/$basearch/
>> gpgcheck=0
>> enabled=1
>>
>
> That's your problem, that version doesn't support ECDHE.

nginx itself has no ciphers support, it depend on openssl.
RHEL/CentOS version of openssl lacks elliptic curve ciphers,
it is explicitly striped from rpm (https://bugzilla.redhat.com/show_bug.cgi?id=319901),
and ECDHE is unavailable on RHEL/CentOS with default openssl.
So either change/rebuild openssl rpm, rebuild nginx with
statically linked openssl or use another linux distribution.

You could list and check available ciphers by:
openssl cipher -v
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Getting forward secrecy enabled	Anonymous User	October 02, 2013 12:13AM
Re: Getting forward secrecy enabled	mex	October 02, 2013 12:52AM
Re: Getting forward secrecy enabled	mex	October 02, 2013 01:00AM
Re: Getting forward secrecy enabled	Anonymous User	October 02, 2013 01:16AM
Re: Getting forward secrecy enabled	Anonymous User	October 02, 2013 01:18AM
Re: Getting forward secrecy enabled	mex	October 02, 2013 01:34AM
Re: Getting forward secrecy enabled	Anonymous User	October 02, 2013 01:32AM
Re: Getting forward secrecy enabled	mex	October 02, 2013 01:46AM
Re: Getting forward secrecy enabled	Anonymous User	October 02, 2013 01:57AM
Re: Getting forward secrecy enabled	mex	October 02, 2013 02:29AM
Re: Getting forward secrecy enabled	Darren Pilgrim	October 02, 2013 04:26AM
Re: Getting forward secrecy enabled	mex	October 10, 2013 11:42AM
Re: Getting forward secrecy enabled	Vahan Yerkanian	October 02, 2013 07:10AM
Re: Getting forward secrecy enabled	Anonymous User	October 03, 2013 02:29AM
Re: Getting forward secrecy enabled	Sergey Budnevitch	October 03, 2013 08:38AM
Re: Getting forward secrecy enabled	Sergey Budnevitch	October 03, 2013 09:18AM
Re: Getting forward secrecy enabled	Gena Makhomed	October 03, 2013 09:30AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 249

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018