Welcome! Log In Create A New Profile

Advanced

Re: In Nginx revers proxy unable to disable TLS1

Maxim Dounin
December 03, 2018 09:14AM
Hello!

On Sat, Dec 01, 2018 at 01:02:19AM -0500, blason wrote:

> Hi Team,
>
> I have deployed nginx in reverse proxy mode and trying to disable TLS1
> and1.1 in configuation file but somehow it still shows when site is scanned
> by SSLlabs.
>
> Any idea why?
>
> nginx version: nginx/1.10.1
>
> ssl_prefer_server_ciphers On;
> ssl_protocols TLSv1.2;
> ssl_ciphers
> ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
> ssl_dhparam /etc/ssl/stest.pem;

Make sure you change ssl_protocols in the right context. It is
not possible to change enabled SSL protocols in a SNI-based
virtual server, so you have to define the "ssl_protocols"
directive in the default server for the listening socket. Most
simple solution would be define "ssl_protocols" in the "http"
context, so it will be used for all servers.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

In Nginx revers proxy unable to disable TLS1

blason December 01, 2018 01:02AM

Re: In Nginx revers proxy unable to disable TLS1

Maxim Dounin December 03, 2018 09:14AM

Re: In Nginx revers proxy unable to disable TLS1

blason December 09, 2018 11:56PM

Re: In Nginx revers proxy unable to disable TLS1

Maxim Dounin December 10, 2018 10:04AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 313
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready