SSL Strangeness

Igor Sysoev is at
Tue Dec 11 11:00:34 MSK 2007

On Mon, Dec 10, 2007 at 03:12:54PM -0800, Curtis Spencer wrote:

> Ok, so here is an update.
> 1)  I tried running that test with ab, and I didn't get the httperf
> issue where the SSL requests started taking forever, so probably means
> it is an httperf tool issue with --ssl option.  Strange...

Could you how you run httperf ? I will try to reproduce it in my

> 2)  I still encounter the issue where SSL requests hang indefinitely
> for some firefox users in my office. I dug a little deeper and I found
> that people around the internet are having issues with Mozilla Firefox
> 2.0 and having the Use TLS 1.0 set to checked in the preferences and
> negotiating SSL connections with secure servers.  Everyone in my
> office who was having the problem was using Mozilla Firefox 2.0, so I
> had them all disable the TLS 1.0 settings.  I am going to watch and
> see what happens over the next few days.
> This brings up the issue.  Has anyone encountered this TLS issue as
> well, and is there a server setting I can set on nginx to prevent
> Firefox from even trying to use TLS 1.0 (if this is even the problem)?

You may only disable TLSv1 at all:

ssl_protocols SSLv2 SSLv3;

The no way to find out a browser before SSL handshake will be done.
This is the same case as it was with name-based virtual hosts.

Igor Sysoev

More information about the nginx mailing list