hi all,

i have several nginx sites, and as i try to deploy ssl, i am having issues with `ssl_protocols`

<config>
....
ssl on;
ssl_certificate /etc/x509V6/domain.crt;
ssl_certificate_key /etc/x509V6/domain.key;

ssl_session_cache off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
....
</config>


this configuration can then be tested with: https://testssl.sh/testssl.sh

SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered
SPDY/NPN http/1.1 (advertised)


so SSLv3 is still offered and SSLv1.2 is not offered.

any ideas on how to get the `ssl_protocols` to be parsed and respected by nginx?

thanks

m

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx