<div dir="ltr">Приложите вывод nginx -T</div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div><div dir="ltr">---<br><span style="font-size:small">Respectfully, Dmitrii Kovalkov</span><br style="font-size:small"><span style="font-size:small">FASTVPS technical department</span><br></div></div></div></div></div></div></div>
<br><div class="gmail_quote">2017-10-13 12:18 GMT+03:00 Максим Баштовой <span dir="ltr"><<a href="mailto:mail@sho0ter.com" target="_blank">mail@sho0ter.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<p>Апну топик, обновился к майнлайновому 1.13.6 проблема осталась,
почему-то NGINX упорно хочет работать исключительно по TLSv1.2
протоколу, отвергая остальные<br>
Конфиг тот же<br>
<br>
nginx version: nginx/1.13.6<br>
built with OpenSSL 1.1.0f 25 May 2017<br>
TLS SNI support enabled<br>
configure arguments: --with-cc-opt='-g -O2
-fdebug-prefix-map=/build/<wbr>nginx-qNPYfb/nginx-1.13.6=.
-fstack-protector-strong -Wformat -Werror=format-security -fPIC
-Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro
-Wl,-z,now -fPIC' --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.<wbr>conf
--http-log-path=/var/log/<wbr>nginx/access.log
--error-log-path=/var/log/<wbr>nginx/error.log
--lock-path=/var/lock/nginx.<wbr>lock --pid-path=/run/nginx.pid
--modules-path=/usr/lib/nginx/<wbr>modules
--http-client-body-temp-path=/<wbr>var/lib/nginx/body
--http-fastcgi-temp-path=/var/<wbr>lib/nginx/fastcgi
--http-proxy-temp-path=/var/<wbr>lib/nginx/proxy
--http-scgi-temp-path=/var/<wbr>lib/nginx/scgi
--http-uwsgi-temp-path=/var/<wbr>lib/nginx/uwsgi --with-debug
--with-pcre-jit --with-http_ssl_module
--with-http_stub_status_module --with-http_realip_module
--with-http_auth_request_<wbr>module --with-http_v2_module
--with-http_dav_module --with-http_slice_module --with-threads
--with-http_addition_module --with-http_geoip_module=<wbr>dynamic
--with-http_gunzip_module --with-http_gzip_static_module
--with-http_image_filter_<wbr>module=dynamic --with-http_sub_module
--with-http_xslt_module=<wbr>dynamic --with-stream=dynamic
--with-stream_ssl_module --with-stream_ssl_preread_<wbr>module
--with-mail=dynamic --with-mail_ssl_module
--add-dynamic-module=/build/<wbr>nginx-qNPYfb/nginx-1.13.6/<wbr>debian/modules/http-auth-pam
--add-dynamic-module=/build/<wbr>nginx-qNPYfb/nginx-1.13.6/<wbr>debian/modules/http-dav-ext
--add-dynamic-module=/build/<wbr>nginx-qNPYfb/nginx-1.13.6/<wbr>debian/modules/http-echo
--add-dynamic-module=/build/<wbr>nginx-qNPYfb/nginx-1.13.6/<wbr>debian/modules/http-upstream-<wbr>fair
--add-dynamic-module=/build/<wbr>nginx-qNPYfb/nginx-1.13.6/<wbr>debian/modules/http-subs-<wbr>filter<br>
<br>
Может подскажет кто-то хоть в какую сторону копать?<br>
Очень признателен за любые советы<br>
</p>
<br>
<div class="m_-7527415582818146883moz-cite-prefix">28.09.2017 12:59, Максим Баштовой
пишет:<br>
</div><div><div class="h5">
<blockquote type="cite">
<p>nginx 1.13.5-1<br>
openssl 1.1.0f-5</p>
<p>ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;<br>
ssl_certificate /etc/nginx/ssl/chained.crt;<br>
ssl_certificate_key /etc/nginx/ssl/ssl.key;<br>
ssl_dhparam /etc/nginx/ssl/dhparam.pem;<br>
ssl_prefer_server_ciphers on;<br>
ssl_ciphers EECDH:+AES256:-3DES:RSA+AES:<wbr>RSA+3DES:!NULL:!RC4;<br>
ssl_ecdh_curve prime256v1;<br>
ssl_session_cache shared:SSL:10m;<br>
ssl_session_tickets off;<br>
ssl_stapling on;<br>
ssl_stapling_verify on;<br>
ssl_trusted_certificate /etc/nginx/ssl/ocsp.crt;<br>
resolver 8.8.8.8 8.8.4.4 valid=300s;<br>
resolver_timeout 5s;<br>
add_header Strict-Transport-Security "max-age=31536000;
includeSubDomains; preload";<br>
#add_header X-Frame-Options SOMEORIGIN;<br>
add_header X-Content-Type-Options nosniff;<br>
add_header X-XSS-Protection "1; mode=block;";</p>
<p>SSL тест сообщает:</p>
<table class="m_-7527415582818146883reportTable m_-7527415582818146883mceItemTable" style="border-collapse:collapse;width:850px;margin:0px 10px 0px 0px;padding:0px;font-size:12px;line-height:20px;font-family:Arial,Helvetica,sans-serif;background-color:#fdfdfd">
<thead><tr>
<td class="m_-7527415582818146883tableHead" style="color:#009ddf;font-weight:bold;padding-bottom:5px;vertical-align:middle;border-bottom:2px solid #c6d2d4;font-size:13px" colspan="2">Protocols</td>
</tr>
</thead><tbody>
<tr class="m_-7527415582818146883tableRow">
<td class="m_-7527415582818146883tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">TLS 1.3</td>
<td class="m_-7527415582818146883tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td>
</tr>
<tr class="m_-7527415582818146883tableRow">
<td class="m_-7527415582818146883tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle"><font color="green">TLS
1.2</font></td>
<td class="m_-7527415582818146883tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle"><font color="green">Yes</font></td>
</tr>
<tr class="m_-7527415582818146883tableRow">
<td class="m_-7527415582818146883tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">TLS 1.1</td>
<td class="m_-7527415582818146883tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td>
</tr>
<tr class="m_-7527415582818146883tableRow">
<td class="m_-7527415582818146883tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">TLS 1.0</td>
<td class="m_-7527415582818146883tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td>
</tr>
<tr class="m_-7527415582818146883tableRow">
<td class="m_-7527415582818146883tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">SSL 3</td>
<td class="m_-7527415582818146883tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td>
</tr>
<tr class="m_-7527415582818146883tableRow">
<td class="m_-7527415582818146883tableLeft" style="padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">SSL 2</td>
<td class="m_-7527415582818146883tableRight" style="width:50px;text-align:right;padding:3px 0px;border-bottom:1px solid #f0f0f0;vertical-align:middle">No</td>
</tr>
</tbody>
</table>
<p><br>
</p>
<p>Старые браузеры, соотв., поотваливались</p>
<p>Подскажите, пожалуйста, как вернуть поддержку старых версий
TLS?<br>
<br>
С уважением,<br>
Максим Баштовой<br>
<a class="m_-7527415582818146883moz-txt-link-abbreviated" href="http://www.sho0ter.com" target="_blank">www.sho0ter.com</a><br>
<a class="m_-7527415582818146883moz-txt-link-abbreviated" href="mailto:mail@sho0ter.com" target="_blank">mail@sho0ter.com</a></p>
</blockquote>
<br>
</div></div><span class=""><pre class="m_-7527415582818146883moz-signature" cols="72">--
С уважением,
Максим "Sho0ter" Баштовой
<a class="m_-7527415582818146883moz-txt-link-abbreviated" href="http://www.sho0ter.com" target="_blank">www.sho0ter.com</a>
<a class="m_-7527415582818146883moz-txt-link-abbreviated" href="mailto:mail@sho0ter.com" target="_blank">mail@sho0ter.com</a></pre>
</span></div>
<br>______________________________<wbr>_________________<br>
nginx-ru mailing list<br>
<a href="mailto:nginx-ru@nginx.org">nginx-ru@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-ru" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx-ru</a><br></blockquote></div><br></div>