Hello this is my topology: client(my laptop)--https-->reverse proxy(vm1)--https-->upstream(10.X.X.X vm2) client (public ip 1.2.3.4) reverse proxy (public ip 5.6.7.8 , nginx, trusted certificates sign by globalsign) upstream (private ip 10.X.X.X , IIS8, certificates signed by my own CA) I can access from laptop to upstream web application but, browser show me untrusted certificate.by Boris_Krizman - How to...
This i found on github from user kaduk when i google your error message from openssl command. The TLS 1.3 ciphersuites are qualitatively different than ciphersuites prior to TLS 1.3 (e.g., in that the TLS 1.2 codepoints specify a key exchange mechanism but in TLS 1.3 that is separately negotiated). You have to use the -ciphersuites argument to configure them manually.by Boris_Krizman - How to...
TLS 1.3 requires that you specify the following AEAD (Authenticated Encryption with Associated Data) ciphers: Try remove from nginx configuration ECDHE-ECDSA-CHACHA20 POLY1305:ECDHE+AES128:RSA+AES128:ECDHE+AES256:RSA+AES256:ECDHE+3DES:RSA+3DES and leve those three: TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 You may tweak the order, but you should aby Boris_Krizman - How to...
Hello Everybody I'm system engineer for small software company, We develop web application on saas platform. I want to became expert for NGINX services and that's why I am here.by Boris_Krizman - New Member Introductions