> btw, it seems impossible to have
>
> ...
> ssl_protocols TLSv1.2;
> ...
>
> and a testresult of
>
> SSLv2 NOT offered (ok)
> SSLv3 offered
> TLSv1 not offered
> TLSv1.1 not offered
> TLSv1.2 not offered

No, its very possible. A SSL_CTX_set_ssl_version() call can fail,
or the call itself can be #ifdef'ed out.



> iirc, openssl 1.0.1e should be able to provide tls 1.2, so
> it seems quite strange

It may be:
- the nginx centos 6 RPM is linked against openssl 0.9.8 AND
- when using a source build, you didn't stop and start the correct executable AND/OR
- you have some library mismatch/mess on your system


If you don't care about the possible mess on your system and want a fast fix,
just build it statically, as previously suggested.



Regards,

Lukas


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx