nginx centos build only supports SSLv3 and ignores ssl_protocols
Lukas Tribus
luky-37 at hotmail.com
Wed Oct 1 18:45:01 UTC 2014
> btw, it seems impossible to have
>
> ...
> ssl_protocols TLSv1.2;
> ...
>
> and a testresult of
>
> SSLv2 NOT offered (ok)
> SSLv3 offered
> TLSv1 not offered
> TLSv1.1 not offered
> TLSv1.2 not offered
No, its very possible. A SSL_CTX_set_ssl_version() call can fail,
or the call itself can be #ifdef'ed out.
> iirc, openssl 1.0.1e should be able to provide tls 1.2, so
> it seems quite strange
It may be:
- the nginx centos 6 RPM is linked against openssl 0.9.8 AND
- when using a source build, you didn't stop and start the correct executable AND/OR
- you have some library mismatch/mess on your system
If you don't care about the possible mess on your system and want a fast fix,
just build it statically, as previously suggested.
Regards,
Lukas
More information about the nginx
mailing list