Welcome! Log In Create A New Profile

Advanced

Re: In Nginx revers proxy unable to disable TLS1

Maxim Dounin
December 10, 2018 10:04AM
Hello!

On Sun, Dec 09, 2018 at 11:56:33PM -0500, blason wrote:

> Do you mean I need to mention in each and every reverse proxy stanza or in
> default config?

You have to configure ssl_protocols in the default server for the
listening socket in question.

As previously suggested, most simple solution would be to
configure ssl_protocols in the http{} block in nginx.conf.

> Is this right?
>
> [root@xxxxxx conf.d]# vi default.conf
> server {
> listen 80 default_server;
> #server_name "";
> server_name _;
> return 444;
> ssl_protocols TLSv1.2;
>
> #charset koi8-r;
> #access_log /var/log/nginx/log/host.access.log main;
>
> location / {
> root /usr/share/nginx/html;
> index index.html index.htm;
> }

No. The server{} block in question is default for the port 80,
which is plain HTTP, and does not use SSL. Note

> listen 80 default_server;

is the only listening socket in this server block.

You need to configure ssl_protocols in the server{} block which is
the default for HTTPS listening socket, usually on port 443.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

In Nginx revers proxy unable to disable TLS1

blason December 01, 2018 01:02AM

Re: In Nginx revers proxy unable to disable TLS1

Maxim Dounin December 03, 2018 09:14AM

Re: In Nginx revers proxy unable to disable TLS1

blason December 09, 2018 11:56PM

Re: In Nginx revers proxy unable to disable TLS1

Maxim Dounin December 10, 2018 10:04AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 57
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready