nginx centos build only supports SSLv3 and ignores ssl_protocols

Lukas Tribus luky-37 at
Wed Oct 1 18:45:01 UTC 2014

> btw, it seems impossible to have
> ...
> ssl_protocols TLSv1.2;
> ...
> and a testresult of
> SSLv2 NOT offered (ok)
> SSLv3 offered
> TLSv1 not offered
> TLSv1.1 not offered
> TLSv1.2 not offered

No, its very possible. A SSL_CTX_set_ssl_version() call can fail,
or the call itself can be #ifdef'ed out.

> iirc, openssl 1.0.1e should be able to provide tls 1.2, so
> it seems quite strange

It may be:
- the nginx centos 6 RPM is linked against openssl 0.9.8 AND
- when using a source build, you didn't stop and start the correct executable AND/OR
- you have some library mismatch/mess on your system

If you don't care about the possible mess on your system and want a fast fix,
just build it statically, as previously suggested.




More information about the nginx mailing list