Re: nginx centos build only supports SSLv3 and ignores ssl_protocols[solved -- found an issue in nginx]

mayak
October 02, 2014 01:34PM
On 10/02/2014 02:49 PM, Rob Stradling wrote:
> Hi. Visit https://www.ssllabs.com/ssltest/viewMyClient.html and check out "Protocol Details -> Signature algorithms". I expect you'll find that your browser doesn't offer SHA512/RSA.
>
> Judging from a recent discussion on the IETF TLS list [1], there seems to be some confusion over whether the TLS signature_algorithms extension should 1) restrict the permitted certificate signature algorithms and the non-certificate uses of digital signatures in the TLS protocol or 2) only restrict the non-certificate uses of digital signatures in the TLS protocol.
>
> Those taking view 2 don't offer SHA512/RSA because no cipher suites require it. I've concluded that, sadly, certs signed with SHA512/RSA basically don't work for TLS.
>
> [1] http://www.ietf.org/mail-archive/web/tls/current/msg13606.html

hi rob,

the `offer` was checked using `openssl` binary command within the https://testssl.sh/testssl.sh script -- the openssl binary is openssl-1.0.2-beta1

i agree -- nginx cannot handle an sha512 signed cert and will only offer sslv3. apache does offer tlsv1.* with an sha512 signature. this question goes beyond my comprehension of ssl, so i am going to live with sha256 -- strong enough to quench my paranoiac thirst :-)

cheers

m


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
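
The check Rob Stradling describes can also be made on the raw handshake bytes. The following is an added example, not code from the thread, nginx or OpenSSL: it decodes the TLS 1.2 `signature_algorithms` extension (type 13, RFC 5246 section 7.4.1.4.1) from a ClientHello extensions block and reports whether a given hash/signature pair such as SHA512/RSA was offered. The sample bytes are constructed and the function names are assumptions for illustration; the code only reports what the client advertised and does not settle which of the two interpretations in the quoted message a server applies.

```python
import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246, 7.4.1.4.1)
HASHES = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {1: "rsa", 2: "dsa", 3: "ecdsa"}
EXT_SIGNATURE_ALGORITHMS = 13


def iter_extensions(block):
    """Yield (type, data) for each extension in a ClientHello extensions block."""
    pos = 0
    while pos < len(block):
        if pos + 4 > len(block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", block, pos)
        pos += 4
        if pos + ext_len > len(block):
            raise ValueError("truncated extension body")
        yield ext_type, block[pos:pos + ext_len]
        pos += ext_len


def offered_signature_algorithms(block):
    """Return the offered (hash, signature) names, or None if the extension is absent."""
    for ext_type, data in iter_extensions(block):
        if ext_type != EXT_SIGNATURE_ALGORITHMS:
            continue
        list_len = int.from_bytes(data[:2], "big")
        if len(data) < 2 or list_len != len(data) - 2 or list_len % 2:
            raise ValueError("malformed signature_algorithms extension")
        return [(HASHES.get(h, f"hash_{h}"), SIGS.get(s, f"sig_{s}"))
                for h, s in zip(data[2::2], data[3::2])]
    return None


def client_offers(block, hash_name, sig_name):
    """True if the client advertised this pair in signature_algorithms."""
    algs = offered_signature_algorithms(block)
    if algs is None:
        # Simplification: without the extension, RFC 5246 has the server assume SHA-1 pairs.
        return hash_name == "sha1"
    return (hash_name, sig_name) in algs


# Constructed sample: ec_point_formats, then signature_algorithms offering
# sha256/rsa, sha384/rsa, sha1/rsa and sha256/ecdsa (no sha512/rsa).
SAMPLE = bytes.fromhex("000b00020100" "000d000a0008" "0401" "0501" "0201" "0403")

if __name__ == "__main__":
    print(offered_signature_algorithms(SAMPLE), client_offers(SAMPLE, "sha512", "rsa"))
```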