ECC Certificates and SNI

B.R. reallfqq-nginx at yahoo.fr
Sat Aug 16 09:53:14 UTC 2014


Hello,

The error comes from OpenSSL.

From its name, I would say the constant being checked is one that OpenSSL sets
during handshake.
From its name too, I would say this applies to an SSLv3 handshake. OpenSSL
has a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE.
Seems like a bug, possibly related to the (non widespread) use of ECC
certificates.

Before really calling out for a bug: you say SSLv3 is disabled. Please be
really sure of that.

Check the OpenSSL library your nginx has been linked against. I suggest you
update that package on your system and retry.
Try to balance between a sufficiently up-to-date version and avoiding versions
with well-known vulnerabilities.

Hope I helped,
---
*B. R.*
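
The two checks suggested in this message (which OpenSSL nginx was built and is running with, and whether SSLv3 is really off), as an added example that is not part of the original post. The `nginx -V` text and the config are constructed samples, the function names are hypothetical, and the first check assumes an nginx build that prints a "built with OpenSSL" line.

```shell
#!/bin/sh
# Constructed samples, not taken from the thread.
SAMPLE_NGINX_V='nginx version: nginx/1.x.y
built with OpenSSL 1.0.1e 11 Feb 2013 (running with OpenSSL 1.0.1i 6 Aug 2014)
TLS SNI support enabled
configure arguments: --with-http_ssl_module'

SAMPLE_CONF='server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.2;   # SSLv3 still listed
}'

# Read `nginx -V` text on stdin; print "built=<ver> running=<ver>".
# Returns non-zero when no "built with OpenSSL" line is present.
openssl_versions() {
    awk '/^built with OpenSSL/ {
        built = $4; running = built
        for (i = 5; i + 3 <= NF; i++)
            if ($i == "(running" && $(i + 2) == "OpenSSL") running = $(i + 3)
        print "built=" built " running=" running
        found = 1
    }
    END { exit !found }'
}

# Read nginx config text on stdin; print "enabled" if any ssl_protocols
# directive lists SSLv3, "disabled" if directives exist but none lists it,
# "unset" if there is no directive (the nginx version's default then applies).
sslv3_status() {
    awk '
    { sub(/#.*/, "") }                      # strip comments, fields re-split
    $1 == "ssl_protocols" {
        seen = 1
        for (i = 2; i <= NF; i++) {
            p = $i; sub(/;$/, "", p)
            if (p == "SSLv3") on = 1
        }
    }
    END { print (on ? "enabled" : (seen ? "disabled" : "unset")) }'
}

# Real use: nginx -V 2>&1 | openssl_versions
#           nginx -T 2>/dev/null | sslv3_status
printf '%s\n' "$SAMPLE_NGINX_V" | openssl_versions
printf '%s\n' "$SAMPLE_CONF" | sslv3_status
```

A `built` version that differs from `running` means the shared library was upgraded after nginx was compiled; the `running` value is the one whose handshake code is actually in use.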