Getting forward secrecy enabled

mex nginx-forum at
Wed Oct 2 05:34:36 UTC 2013

hmm, looks like some mismatch: in yoiur config you define ECDH, but in your
i see DH configured (please compare your screenshot with the ssllabs-link i
provided, esp.
the cipher-suites/handshake - part. 

should be:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072
bits RSA)   FS

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   DH 4096 bits 

your openssl-version seems to be OK.

did you compiled nginx with your own version of openssl?

if not, what gives "openssl version" ?

Posted at Nginx Forum:,243341,243348#msg-243348

More information about the nginx mailing list