I tried to do use the ssltest from qualys.com:
https://www.ssllabs.com/ssltest/
Every time i run it, my nginx server (ssl terminator) crashes and i have to restart it.
I get the following error in my nginx logs:
*734 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: ......, server: .......
I've got the following configuration:
server{
listen .........:80;
add_header Strict-Transport-Security max-age=15768000;
server_name .......................;
rewrite ^ https://$server_name$uri? permanent;
#location / {
# proxy_pass ......................:80;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# }
}
server {
listen ...............:443;
ssl on;
ssl_certificate /etc/nginx/certkeys/.......crt;
ssl_certificate_key /etc/nginx/certkeys/.......key;
server_name .....................;
access_log /var/log/nginx/running.log;
error_log /var/log/nginx/errorReport.log;
keepalive_timeout 70;
ssl_session_timeout 30m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass .....................:80/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}