In Nginx reverse proxy unable to disable TLS1
Maxim Dounin
mdounin at mdounin.ru
Mon Dec 3 14:13:31 UTC 2018
Hello!
On Sat, Dec 01, 2018 at 01:02:19AM -0500, blason wrote:
> Hi Team,
>
> I have deployed nginx in reverse proxy mode and trying to disable TLS1
> and 1.1 in configuration file but somehow it still shows when site is scanned
> by SSLlabs.
>
> Any idea why?
>
> nginx version: nginx/1.10.1
>
> ssl_prefer_server_ciphers On;
> ssl_protocols TLSv1.2;
> ssl_ciphers
> ECDH+AESGCM:ECDH+CHACHA20:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS;
> ssl_dhparam /etc/ssl/stest.pem;
Make sure you change ssl_protocols in the right context. It is
not possible to change enabled SSL protocols in an SNI-based
virtual server, so you have to define the "ssl_protocols"
directive in the default server for the listening socket. The
simplest solution would be to define "ssl_protocols" in the "http"
context, so it will be used for all servers.
--
Maxim Dounin
http://mdounin.ru/
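
The placement described in the reply above, as an added configuration sketch that is not part of the original thread. Hostnames, certificate paths and the upstream address are placeholders.

```nginx
# Added example. All names and paths below are placeholders.
events {}

http {
    # Simplest fix from the reply: set the protocol list once in "http"
    # so every server, including the default one, inherits it.
    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;

    # Default server for the 443 listening socket. The protocol list that
    # applies to handshakes on this socket is taken from this server.
    # If no server carries "default_server", the first server defined
    # for the address:port pair takes that role.
    server {
        listen 443 ssl default_server;
        server_name _;
        ssl_certificate     /etc/nginx/tls/default.crt;   # placeholder
        ssl_certificate_key /etc/nginx/tls/default.key;   # placeholder

        # Alternative to the "http"-level line: put the directive here.
        # ssl_protocols TLSv1.2;

        return 444;
    }

    # SNI-based virtual server acting as the reverse proxy.
    server {
        listen 443 ssl;
        server_name app.example.com;                      # placeholder
        ssl_certificate     /etc/nginx/tls/app.crt;       # placeholder
        ssl_certificate_key /etc/nginx/tls/app.key;       # placeholder

        # Misplacement that matches the symptom in the question: with the
        # directive only in this block, the default server above keeps
        # nginx's built-in protocol list, and scanners still see TLS 1.0
        # and 1.1 offered on the socket.
        # ssl_protocols TLSv1.2;

        location / {
            proxy_pass http://127.0.0.1:8080;             # placeholder
        }
    }
}
```

After editing, validate with `nginx -t`, reload, and repeat the SSL Labs scan to confirm that only TLS 1.2 is offered.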