Welcome! Log In Create A New Profile

Advanced

nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak
October 01, 2014 08:12AM
hi all,

i have several nginx sites, and as i try to deploy ssl, i am having issues with `ssl_protocols`

<config>
....
ssl on;
ssl_certificate /etc/x509V6/domain.crt;
ssl_certificate_key /etc/x509V6/domain.key;

ssl_session_cache off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
....
</config>


this configuration can then be tested with: https://testssl.sh/testssl.sh

SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered
SPDY/NPN http/1.1 (advertised)


so SSLv3 is still offered and SSLv1.2 is not offered.

any ideas on how to get the `ssl_protocols` to be parsed and respected by nginx?

thanks

m

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 08:12AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mex October 01, 2014 08:33AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 10:40AM

RE: nginx centos build only supports SSLv3 and ignores ssl_protocols

Lukas Tribus October 01, 2014 10:56AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 11:12AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mex October 01, 2014 01:26PM

RE: nginx centos build only supports SSLv3 and ignores ssl_protocols

Lukas Tribus October 01, 2014 02:46PM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

mayak October 01, 2014 04:48PM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols

GreenGecko October 01, 2014 06:18PM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols [solved -- found an issue in nginx]

mayak October 02, 2014 02:02AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols[solved -- found an issue in nginx]

Rob Stradling October 02, 2014 08:50AM

Re: nginx centos build only supports SSLv3 and ignores ssl_protocols[solved -- found an issue in nginx]

mayak October 02, 2014 01:34PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 77
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready