HTTP/2 without forward secrecy (Diffie-Hellman)

Max Meyer
August 15, 2016 08:42AM
Hi,

for a test environment I successfully set up an nginx webserver (1.11.2)
with HTTP/2.

But for further tests I need to decrypt traffic with Wireshark using the
server's private key.

For that I need to disable forward secrecy (since it is only a test
environment, security is not an issue).

So I changed the "ssl_ciphers" in my /sites-enabled/default file from:

ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";

into

ssl_ciphers "AES128-SHA";

So my configuration looks like this:

-----
server {
    listen 443 http2;

    root /var/www/html;
    index index.php index.html index.htm;

    ssl on;
    ssl_certificate /etc/ssl/server.crt;
    ssl_certificate_key /etc/ssl/private.key;

    ssl_protocols TLSv1.2;
    # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_ciphers "AES128-SHA";
    ssl_prefer_server_ciphers on;
}
-----

But now the server won't do HTTP/2 anymore, it falls back to HTTP/1.1.
I tried the same with an Apache webserver and it worked fine, so I guess
it is not a general problem with the chosen cipher.

Any ideas on what could be the problem?

thanks!
