Weird proxy_ssl_protocol ordering
nginx-forum at forum.nginx.org
Fri Jan 13 17:33:16 UTC 2017
I found some strange behavior while troubleshooting a connectivity issue
today. Below was the scenario.
* Upstream Backend configured to allow TLSv1.1 and TLSv1.2
* Client (nginx) configured with proxy_ssl_protocols TLSv1 TLSv1.2
No matter the ordering of nginx proxy_ssl_protocols TLSv1 was always
attempted first and the handshake would fail. Once I added TLSv1.1 it caused
TLSv1.2 to be attempted first which would be successful to the Server.
Is this a bug? I always assumed that nginx would default to highest
supported protocol outbound; but it seems that "TLSv1 TLSv1.2" might
introduce some sort of strange ordering issue.
We're using openresty 18.104.22.168.1 which internally uses nginx 1.11.2.
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271984,271984#msg-271984
More information about the nginx