Scott Larson Wrote:
-------------------------------------------------------
> Something else must be going on here. Looking at your ssl_cipher string,
> you're opening with a rough declaration of specific ciphers you'll support,
> none of which should pull in RC4. It's specific enough in fact that your
> subsequent excluded ciphers don't even come into play. To test this I
> switched in my old RSA cert, rebuilt 1.7.6 against OpenSSL 1.0.1j,
Which is why I said try 101j; between 101e and j there are big differences when it comes to invalid fallbacks.
Not to mention that using 101e is asking to be hacked.
---
nginx for Windows http://nginx-win.ecsds.eu/