NGINX wants to have a cipher that matches the output of "openssl ciphers", right? With "openssl ciphers -V" (which outputs the binary value of the cipher, too), I found that TLS_RSA_WITH_RC4_128_SHA (0x0005) equals
0x00,0x05 - RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
Put this into nginx.conf on both upstream and downstream, restarted, a
by swadm - Other discussion
tried ssl_ciphers TLS_RSA_WITH_RC4_128_SHA; and, simultaneously, proxy_ssl_ciphers TLS_RSA_WITH_RC4_128_SHA; but, on both SLES11 and SLES12, nginx reports
nginx: SSL_CTX_set_cipher_list("TLS_RSA_WITH_RC4_128_SHA") failed (SSL: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match)
Is it correct to assume that the ciphers need to come from the SSL libs
by swadm - Other discussion
I checked, but no, there is no return or rewrite in the NGINX configuration. Sorry, but I used http instead of https, so the last test was useless. Another go ... now the curl picture is as follows: the tracefiles of CURL doing ...
curl https://my-server.my-domain:55094/beehive/redirect/secure-mx --tlsv1.0 --stderr curl-err.txt --output curl-out.txt --trace curl-trace.txt
... look qui
by swadm - Other discussion
Tested with curl: In the trace file written with the --trace parameter, I find that, without NGINX, the GET request is simply served, and then reports "Info: Connection #0 to host ... left intact". In the case of NGINX in between, I get an HTTP/1.1 302 Moved Temporarily. According to the trace file, Curl will then request "Location: ...", and receive "302 Found
by swadm - Other discussion
Just to be sure of a common understanding: with handover by the redirector I mean that, while only httpd is listening on the server port, the same port is having ESTABLISHED sessions with different programs (java, httpd, ombd), so my understanding is that the NGINX configuration is able to talk to httpd and the java processes, but failing with ombd. I would like to get an even better under
by swadm - Other discussion
I know that OHS in the beehive flavour is limited to TLSv1, and cannot be updated to support newer versions and also no SHA-256 certificates. That's actually why we needed to front NGINX to get various browsers to accept the connection. All of these connections work fine, but only the OBEO component will refuse a successful connection. As far as I understand, a redirector process will ha
by swadm - Other discussion
Are you really sure it is an SSL3/SSL2 issue? When I do a trace where NGINX is not involved (direct communication between the OBEO plugin and OHS), Wireshark reports ssl.record.version Version: TLS 1.0 (0x0301), so SSL3 should not be talked here, as 0x0301 is aka TLS 1.0.
by swadm - Other discussion
WebLogic Server 10.3.6 is not the same as OHS (Oracle HTTP Server) 10.1.3, which is an obsolete product in this version. The OHS is TLS enabled, but appears to have issues when talking with the proxy NGINX.
by swadm - Other discussion
For an Oracle grown Application (it's actually beehive collab server) that is based on Oracle HTTP Server 10.1.3 (and, being on extended support, cannot be updated to more recent versions of OHS), we have the issue that a fronted NGINX reverse proxy has an issue with one service (it's actually the server counterpart of the OBEO connector) that is run by a process ombd on Linux, so it appe
by swadm - Other discussion