nginx and ephemeral Diffie-Hellman keys
lists at ruby-forum.com
Fri Jun 13 06:54:45 MSD 2008
I've been fighting with this all do so hopefully someone can help shed
I have a site configured to use SSL and it current does successfully
negotiate SSL. However, I am not able for the life of me to get nginx to
offer up DH keys/ciphers.
What I am able to get negotiated is AES256-SHA. What I would like to be
able to see is DHE-RSA-AES256-SHA
The following is that I have set currently.
ssl_protocols SSLv3 TLSv1;
# Set the ciphers to use. See
Using http://www.serversniff.net/sslcheck.php and vurbu.com:443, it
looks like only RSA key exchanges are successful.
I have concatenated the DH params to the certificate with no effect.
dhparams was created with the following command
openssl dhparam -dsaparam -out dh1024dsa.pem -5 1024
Also looking at the nginx error log files, I see a lot of
SSL3_GET_CLIENT_HELLO:no shared cipher
yet the odd thing is I am able to successfully access https://vurbu.com/
nginx was compiled using the following flags.
~/src/nginx-0.7.1$ ./configure --with-http_ssl_module
Any suggestions would be welcome.
Posted via http://www.ruby-forum.com/.
More information about the nginx