<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class=""> Just to be thorough, are you sure nginx is actually using the config file that you think it is? If we’re talking about your personal domain, I see TLS 1.0 and SSL 3.0 available, which in this snippet you have not enabled. This behavior isn’t something I’m able to replicate with the 1.7.6/1.0.1i combo.<div class=""><br class=""><div class="">
<div class=""><div class=""><b class="">__________________</b></div>
<div class=""><br class=""></div>
<div class=""><b class="">Scott Larson</b></div>
<div class="">Systems Administrator</div>
<div class=""><br class=""></div>
<div class=""><b class="">Wiredrive/LA</b></div>
<div class="">310 823 8238 ext. 1106</div>
<div class="">310 943 2078 fax</div>
<div class=""><a href="http://www.wiredrive.com/" class="">www.wiredrive.com</a></div>
<div class=""><a href="http://www.twitter.com/wiredrive" class="">www.twitter.com/wiredrive</a></div>
<div class=""><a href="http://www.wiredrive.com/facebook" class="">www.facebook.com/wiredrive</a></div></div>
</div>
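<div class="">One way to check which configuration nginx has actually loaded, as an added example that is not part of the original message: it lists every TLS directive in an <code>nginx -T</code> dump with the file it came from and flags definitions that enable SSLv3/TLS 1.0 or list an RC4 suite. <code>nginx -T</code> exists from nginx 1.9.2, so it is newer than the 1.7.6 build discussed here; the file paths and the second server block are constructed sample input.</div>

```shell
#!/bin/sh
# Constructed sample of `nginx -T` output. File names are hypothetical; the
# first block is the snippet from the thread, the second a conflicting vhost.
sample_dump() {
cat <<'EOF'
# configuration file /etc/nginx/nginx.conf:
http {
    ssl_protocols TLSv1.2 TLSv1.1;
    ssl_ciphers EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4;
    ssl_prefer_server_ciphers on;
    include /etc/nginx/conf.d/*.conf;
}
# configuration file /etc/nginx/conf.d/default.conf:
server {
    listen 443 ssl default_server;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:HIGH:!aNULL;
}
EOF
}

# Print "file:line<TAB>directive<TAB>value" for every TLS directive in the dump.
# Only single-line directives are handled.
ssl_directives() {
    awk '
        /^# configuration file / { file = $4; sub(/:$/, "", file); n = 0; next }
        { n++ }
        /^[ \t]*#/ { next }
        $1 ~ /^ssl_(protocols|ciphers|prefer_server_ciphers)$/ {
            val = $0
            sub(/^[ \t]*[a-z_]+[ \t]+/, "", val)
            sub(/;[ \t]*$/, "", val)
            printf "%s:%d\t%s\t%s\n", file, n, $1, val
        }'
}

# Flag definitions that enable SSLv2/SSLv3/TLSv1.0 or name an RC4 suite.
weak_settings() {
    ssl_directives | awk -F '\t' '
        $2 == "ssl_protocols" && $3 ~ /(^| )(SSLv2|SSLv3|TLSv1)( |$)/ {
            print $1 ": legacy protocol enabled: " $3 }
        $2 == "ssl_ciphers" && $3 ~ /(^|:)([A-Za-z0-9][^:]*)?RC4/ {
            print $1 ": RC4 suite listed: " $3 }'
}

# Real use (assumes nginx >= 1.9.2): nginx -T 2>/dev/null | weak_settings
sample_dump | weak_settings
```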
<br class=""><div><blockquote type="cite" class=""><div class="">On Oct 17, 2014, at 4:28 PM, Jessica Litwin &lt;<a href="mailto:jessica@litw.in" class="">jessica@litw.in</a>&gt; wrote:</div><br class="Apple-interchange-newline"><div class=""><div dir="ltr" class="">using openssl101j, I get the same results with the following in both my vhost config and nginx.conf <div class=""><br class=""></div><div class=""><div class=""> ssl_protocols TLSv1.2 TLSv1.1;</div><div class=""> ssl_ciphers EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4;</div><div class=""> ssl_prefer_server_ciphers on;</div></div><div class=""><br class=""></div><div class=""><span style="font-family:Arial,Helvetica,sans-serif;font-size:12px;font-weight:bold;line-height:21.6000003814697px;text-align:center;background-color:rgb(255,207,121)" class="">RC4 cipher is used with TLS 1.1 or newer protocols, even though stronger ciphers are available. </span><br class=""></div><div class=""><br class=""></div><div class="">What the hell am I doing wrong? </div></div><div class="gmail_extra"><br class=""><div class="gmail_quote">On Fri, Oct 17, 2014 at 6:14 AM, itpp2012 <span dir="ltr" class="">&lt;<a href="mailto:nginx-forum@nginx.us" target="_blank" class="">nginx-forum@nginx.us</a>&gt;</span> wrote:<br class=""><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Scott Larson Wrote:<br class="">
-------------------------------------------------------<br class="">
<span class="">> Something else must be going on here. Looking at your ssl_cipher<br class="">
> string, you're opening with a rough declaration of specific ciphers you'll<br class="">
> support, none of which should pull in RC4. It's specific enough in fact<br class="">
> that your subsequent excluded ciphers don't even come into play. To test<br class="">
> this I switched in my old RSA cert, rebuilt 1.7.6 against OpenSSL 1.0.1j,<br class="">
<br class="">
</span>Which is why I said try 101j, between 101e and j there are big differences<br class="">
when it comes to invalid fallbacks.<br class="">
Not even mentioning using 101e is asking to be hacked.<br class="">
<br class="">
Posted at Nginx Forum: <a href="http://forum.nginx.org/read.php?2,254028,254092#msg-254092" target="_blank" class="">http://forum.nginx.org/read.php?2,254028,254092#msg-254092</a><br class="">
<div class="HOEnZb"><div class="h5"><br class="">
_______________________________________________<br class="">
nginx mailing list<br class="">
<a href="mailto:nginx@nginx.org" class="">nginx@nginx.org</a><br class="">
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank" class="">http://mailman.nginx.org/mailman/listinfo/nginx</a><br class="">
</div></div></blockquote></div><br class=""><br clear="all" class=""><div class=""><br class=""></div>-- <br class=""><div dir="ltr" class="">Jessica K. Litwin<div class=""><a href="http://jessicalitwin.com/" target="_blank" class="">jessicalitwin.com</a><div class=""><div class="">twitter: press5<br class="">aim: press5key<br class="">skype: dr_jkl</div></div></div></div>
</div>
</div></blockquote></div><br class=""></div></body></html>