Bug re: openssl-1.0.1
luky-37 at hotmail.com
Mon Jan 12 17:55:54 UTC 2015
> I did an ssldump and this is the conversation between both servers:
This ssldump seems incomplete, there is no response. Please post the
The bug is probably neither in openssl nor in nginx, but in the origin
server (but we don't have the full handshake here).
Since nginx 1.5.6, you can configure proxy_ssl_protocols and
proxy_ssl_ciphers to configure backend ssl traffic, which may
allow you to work around certain backend bugs.
Certainly a lot of bogus ciphers are enabled by default in your
setup (NULL, EXPORT, etc).
If you have nginx >= 1.5.6, you can probably work around this
by forcing SSLv3 (which I would not recommend at all):
But I would rather configure a sane cipher list with
proxy_ssl_ciphers and see to get it working with it (see ).
Try playing with "openssl s_client -cipher <cipherlist>" to find
a secure and working configuration.
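The "openssl s_client -cipher" trial-and-error suggested in the message above can be scripted. The following is an added example, not part of the original message or of nginx: it skips NULL, EXPORT and similar suites and reports which of the remaining ones the backend accepts. The host backend.example.internal, the function names and the PROBE override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find non-weak cipher suites that a TLS backend accepts,
# as input for nginx's proxy_ssl_ciphers directive.

# Succeed if the OpenSSL cipher name belongs to a class that should not be
# offered to a backend: NULL, EXPORT, anonymous DH, RC4, single DES, MD5 MAC.
is_weak_cipher() {
    case "$1" in
        *NULL*|EXP*|ADH-*|AECDH-*|*RC4*|*DES-CBC-*|*-MD5) return 0 ;;
        *) return 1 ;;
    esac
}

# Attempt one handshake with backend $1 (host:port) offering only cipher $2.
# s_client exits non-zero when the handshake fails.
# On OpenSSL 1.1.1 or later, add -no_tls1_3 so that -cipher governs the result.
probe() {
    openssl s_client -connect "$1" -cipher "$2" </dev/null >/dev/null 2>&1
}

# Usage: working_ciphers host:port CIPHER...
# Prints each given cipher that is not weak and that the backend accepts.
# PROBE (hypothetical hook) may name a replacement for probe, for offline use.
working_ciphers() {
    backend=$1
    shift
    for c in "$@"; do
        if is_weak_cipher "$c"; then
            continue
        fi
        if "${PROBE:-probe}" "$backend" "$c"; then
            echo "$c"
        fi
    done
    return 0
}

# Typical run against a placeholder backend (not a host from this thread):
#   working_ciphers backend.example.internal:443 \
#       $(openssl ciphers 'HIGH:!aNULL:!eNULL' | tr ':' ' ') | paste -sd: -
# The colon-joined output can be used as the value of proxy_ssl_ciphers.
```
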