ECC Certificates and SNI
reallfqq-nginx at yahoo.fr
Sat Aug 16 09:53:14 UTC 2014
The error comes from OpenSSL.
>From its name, I wouldsay the constant being check is one that OpenSSL sets
>From its name too, I wouls say this applies to a SSLv3 handshake. OpenSSL
has a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE.
Seems like a bug, possibly related to the (non widespread) use of ECC
Before really calling out for a bug: you say SSLv3 is disabled. Please be
really sure of that.
Check the OpenSSL library your nginx has been linked against. I suggest you
update that package on your system and retry.
Try balance between sufficiently up-to-date version and avoinding versions
with well-known vulnerabilities.
Hope I helped,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx