nginx and ephemeral Diffie-Hellman keys

Jauder Ho lists at
Fri Jun 13 06:54:45 MSD 2008

I've been fighting with this all day, so hopefully someone can help shed
some light.

I have a site configured to use SSL and it currently does successfully
negotiate SSL. However, I am not able for the life of me to get nginx to
offer up DH keys/ciphers.

What I am able to get negotiated is AES256-SHA. What I would like to be
able to see is DHE-RSA-AES256-SHA

The following is what I have set currently.

    ssl_prefer_server_ciphers on;
    ssl_protocols SSLv3 TLSv1;

    # Set the ciphers to use. See

Using and, it
looks like only RSA key exchanges are successful.

I have concatenated the DH params to the certificate with no effect.
dhparams was created with the following command:

  openssl dhparam -dsaparam -out dh1024dsa.pem -5 1024

Also looking at the nginx error log files, I see a lot of

  SSL23_GET_CLIENT_HELLO:unknown protocol
  SSL3_GET_CLIENT_HELLO:no shared cipher

yet the odd thing is I am able to successfully access

nginx was compiled using the following flags.

  ~/src/nginx-0.7.1$ ./configure --with-http_ssl_module \
      --add-module=../nginx-upstream-fair/ --with-http_gzip_static_module

Any suggestions would be welcome.