ssl_cipher for mail not working
mdounin at mdounin.ru
Sun Aug 18 23:21:58 UTC 2013
On Wed, Aug 14, 2013 at 06:56:32AM -0400, MKl wrote:
> to increase security of SSL I added some eliptic-curves-ciphers to the
> chain. For HTTPS it's working fine, but for the mail proxy it does not work,
> I only always get RC4-SHA instead of the ECDH ciphers.
> See configuration at the end of this message.
> I'm testing it with:
> openssl s_client -cipher 'ECDH:DH' -connect domain.de:443
> openssl s_client -cipher 'ECDH:DH' -connect imap.domain.de:993
> The first command gives me a successful connection with ECDHE-RSA-RC4-SHA,
> so for HTTPS the cipherlist is used. The second command fails with an error:
> "sslv3 alert handshake failure", the IMAPS server does not provide ECDH
> support. I used exactly the same ssl_cipher line for HTTPS and the mail
> When using the following command without forcing any ciphers on the client I
> can see that RC4-SHA is the "best" cipher that is supported and used:
> openssl s_client -connect imap.domain.de:993
> Anybody has an idea where the problem is?
Looks like the problem fixed by this changeset:
Should work fine in nginx 1.5.1+.
More information about the nginx