<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /></head><body style='font-size: 10pt; font-family: Verdana,Geneva,sans-serif'>
<p>Dear B. R.</p>
<p>It looks like this is a firefox isssue.</p>
<p>With chomium 38 and curl and s_client I was able to connect.</p>
<p>##########<br />openssl version -a<br />OpenSSL 1.0.1 14 Mar 2012<br />built on: Thu Aug 7 13:42:02 UTC 2014<br />platform: debian-amd64<br />options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) <br />compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM<br /><br />/usr/sbin/nginx -c /etc/nginx/nginx.conf -V<br />nginx version: nginx/1.7.4<br />built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) <br />TLS SNI support enabled<br />configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6<br /><br />ldd /usr/sbin/nginx<br /> linux-vdso.so.1 => (0x00007fff54dfe000)<br /> libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fdac5938000)<br /> libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fdac56ff000)<br /> libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007fdac54c1000)<br /> libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fdac5263000)<br /> libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fdac4e88000)<br /> libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fdac4c70000)<br /> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdac48b1000)<br /> /lib64/ld-linux-x86-64.so.2 (0x00007fdac5b63000)<br /> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdac46ad000)<br /><br />ldd $(which openssl)<br /> linux-vdso.so.1 => (0x00007fffdddfe000)<br /> libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fbd557c6000)<br /> libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fbd553eb000)<br /> libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fbd5502b000)<br /> libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fbd54e27000)<br /> libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fbd54c10000)<br /> /lib64/ld-linux-x86-64.so.2 (0x00007fbd55a32000)</p>
<p>#########</p>
<p>cheers a l</p>
<p>Am 16-08-2014 11:53, schrieb B.R.:</p>
<blockquote type="cite" style="padding: 0 0.4em; border-left: #1010ff 2px solid; margin: 0"><!-- html ignored --><!-- head ignored --><!-- meta ignored -->
<div dir="ltr">
<div class="gmail_default" style="font-size: small; color: #333399;">Hello,<br /><br /></div>
<div class="gmail_default" style="font-size: small; color: #333399;">The error comes from OpenSSL.</div>
<div class="gmail_default" style="font-size: small; color: #333399;"> </div>
<div class="gmail_default" style="font-size: small; color: #333399;">From its name, I wouldsay the constant being check is one that OpenSSL sets during handshake.</div>
<div class="gmail_default" style="font-size: small; color: #333399;">From its name too, I wouls say this applies to a SSLv3 handshake. OpenSSL has a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE.</div>
<div class="gmail_default" style="font-size: small; color: #333399;">Seems like a bug, possibly related to the (non widespread) use of ECC certificates.</div>
<div class="gmail_default" style="font-size: small; color: #333399;"> </div>
<div class="gmail_default" style="font-size: small; color: #333399;">Before really calling out for a bug: you say SSLv3 is disabled. Please be really sure of that.<br /><br /></div>
<div class="gmail_default" style="font-size: small; color: #333399;">Check the OpenSSL library your nginx has been linked against. I suggest you update that package on your system and retry.</div>
<div class="gmail_default" style="font-size: small; color: #333399;">Try balance between sufficiently up-to-date version and avoinding versions with well-known vulnerabilities.<br /><br /></div>
<div class="gmail_default" style="font-size: small; color: #333399;">Hope I helped,</div>
<div class="gmail_extra">
<div><span style="font-size: xx-small;"><span style="color: #666666;">---<br /></span><strong><span style="color: #666666;">B. R.</span></strong><span style="color: #666666;"></span></span></div>
</div>
</div>
<br />
<div class="pre" style="margin: 0; padding: 0; font-family: monospace">_______________________________________________<br /> nginx mailing list<br /><a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br /><a href="http://mailman.nginx.org/mailman/listinfo/nginx">http://mailman.nginx.org/mailman/listinfo/nginx</a></div>
</blockquote>
</body></html>