I found where the problems was. I thought ssl options can be different in virtual host. Default server settings was not overwritten. server { include conf/default-settings; root /var/www; server_name ""; ssl on; ssl_certificate ssl/nmz_ssl.crt; ssl_certificate_key ssl/nmz_ssl.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORTby Nemesiz - Nginx Mailing List - English
I recompiled with default openssl lib (1.0.1e-3ubuntu1.2) Default install path: # nginx -V nginx version: nginx/1.5.13 built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9) TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx/1.5.13 --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-tby Nemesiz - Nginx Mailing List - English
Maxim Dounin Wrote: ------------------------------------------------------- > It looks like you are testing something different, not nginx you > are trying to configure. Check what is actually listening on the > ip:port you are testing. testssl.sh: --> Testing HTTP Header response HSTS 365 days (31536000 s) Server nginx/1.5.13 Application (None) ssby Nemesiz - Nginx Mailing List - English
Strange things are happening. nginx: ssl_protocols TLSv1 TLSv1.1 TLSv1.2; Results: ssllabs.com: TLS 1.2 No TLS 1.1 No TLS 1.0 Yes SSL 3 Yes SSL 2 No testssl.sh: SSLv2 NOT offered (ok) SSLv3 offered TLSv1 offered (ok) TLSv1.1 not offered TLSv1.2 not offered Looks like i can`t disable sslv3 OS: Ubuntu sancy SSL Certificate: StartCom Ltd.by Nemesiz - Nginx Mailing List - English
Hello I`m struggling with enabling tls1.1 and tls1.2. Some info: NGINX: # nginx -V nginx version: nginx/1.5.13 built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9) TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx/1.5.13 --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-pby Nemesiz - Nginx Mailing List - English