Hi all,

I tried to disable TLSv1.1 but testing still alive refer openssl command. Have multiple virtual host configuration but confirmed the ssl_protocols just TLSv1.2 & TLSv1.3. Can anyone help please?

# cat /etc/centos-release
CentOS Linux release 7.7.1908 (Core)
# nginx -v
nginx version: nginx/1.16.1
# openssl version
OpenSSL 1.1.1g 21 Apr 2020


ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;


-----------------------
openssl s_client -connect domain.com:443 -tls1
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1


openssl s_client -connect domain.com:443 -tls1_1
New, TLSv1.0, Cipher is ECDHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.1

Problem solved and verified the configuration "ssl_protocols TLSv1.2 TLSv1.3;" is working fine. Because has nodejs effective all of protocols.

Enable only TLS 1.2 in Node JS
https://medium.com/@jawadahmadd/enable-only-tls-1-2-in-node-js-118687fb3746



Edited 1 time(s). Last edit at 08/10/2020 12:14AM by tequila.

POC to disable TLSv1.1 but the problem still occurred. That means not related nodejs.

Interesting... current nginx has multiple virtual hosts. Only one virtual host can't to disable TLSv1.1. Two virtual hosts is pointing to the save of home location, but using different server name. I tried to copy the configuration file and modified. Unfortunately, still alive TLSv1.1.

Can anyone help please?

Finally, problem solved because the OS on AliCloud and enabled WAF service. Through Internal IP is disabled, WAF is enabled.