HTTP/2 without forward secrecy (Diffie-Hellman)
redeemerofsouls666 at web.de
Mon Aug 15 12:32:46 UTC 2016
For a test environment I successfully set up an nginx webserver (1.11.2).
But for further tests I need to decrypt traffic with Wireshark using the
server's private key.
For that I need to disable forward secrecy (since it is only a test
environment, security is not an issue).
So I changed the "ssl_ciphers" in my /sites-enabled/default file from:
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
So my configuration looks like this:
listen 443 http2;
index index.php index.html index.htm;
# ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
But now the server won't do HTTP/2 anymore, it falls back to HTTP/1.1.
I tried the same with an Apache webserver and it worked fine, so I guess
it is not a general problem with the chosen cipher.
Any ideas on what could be the problem?
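Added example, not part of the original post or of nginx: a check of which suites in an ssl_ciphers string can be decrypted from the server's RSA private key and which of them meet the criteria of the HTTP/2 cipher blacklist in RFC 7540 Appendix A, something worth ruling out for a setup like the one described. The sample suite names are constructed, and the name-prefix rules are an assumption based on OpenSSL's naming convention.

```python
import re
import ssl

# Constructed sample of OpenSSL suite names (not taken from the post).
SAMPLE = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA256",
          "AES128-GCM-SHA256", "AES256-SHA", "TLS_AES_128_GCM_SHA256"]

# Name prefixes that mean the key exchange is not plain RSA (assumed from
# OpenSSL naming; TLS_ marks TLS 1.3 suites, which are always ephemeral).
EPHEMERAL = ("ECDHE-", "DHE-", "EDH-", "TLS_")
OTHER_KX = ("ADH-", "AECDH-", "ECDH-", "DH-", "PSK-", "RSA-PSK-", "SRP-")

def forward_secret(name):
    return name.startswith(EPHEMERAL)

def rsa_key_exchange(name):
    """True when the premaster secret is encrypted to the server's RSA key,
    the only case a capture can be decrypted from the private key alone."""
    return not name.startswith(EPHEMERAL + OTHER_KX)

def aead(name):
    return re.search(r"GCM|CCM|CHACHA20", name) is not None

def h2_blacklisted(name):
    """Criteria of RFC 7540 Appendix A: TLS 1.2 suites without ephemeral key
    exchange or without an AEAD mode; a peer may refuse HTTP/2 over them."""
    return not (forward_secret(name) and aead(name))

def classify(names):
    return {n: {"key_decryptable": rsa_key_exchange(n),
                "h2_blacklisted": h2_blacklisted(n)} for n in names}

def expand(cipher_string):
    """Suites the local OpenSSL build selects for an ssl_ciphers-style string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

if __name__ == "__main__":
    # Cipher string quoted in the post; output depends on the local OpenSSL.
    for name, info in classify(expand("HIGH:!aNULL:!MD5")).items():
        print(f"{name:34} {info}")
```

Every suite that reports key_decryptable as True also reports h2_blacklisted as True, because plain RSA key exchange is by definition not ephemeral.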