<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><meta http-equiv="Content-Type" content="text/html; charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hi,<div class=""><br class=""></div><div class="">Did I add or remove the wrong ciphers for http2, and are they in the correct order? I found plenty of different documents on the Internet. Since mine is now broken, I should ask here :) Any ideas?</div><div class=""><br class=""></div><div class=""><div class=""><br class=""></div><div class="">Error message from Chrome:</div><div class=""><span style="color: rgb(100, 100, 100); font-family: system-ui, sans-serif; font-size: 12px; font-variant-ligatures: normal; orphans: 2; text-transform: uppercase; widows: 2; background-color: rgb(247, 247, 247);" class="">ERR_SSL_VERSION_OR_CIPHER_MISMATCH</span><br class=""><div class=""><br class="webkit-block-placeholder"></div><div class=""><br class="webkit-block-placeholder"></div><div class="">My nginx.conf has,</div><div class=""><br class=""></div><div class=""><div class=""> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;</div><div class=""> ssl_prefer_server_ciphers on;</div><div class=""> ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';</div><div class=""> ssl_session_cache shared:SSL:15m;</div><div class=""> ssl_session_timeout 1d;</div><div class=""> ssl_session_tickets off;</div><div class=""> ssl_dhparam /etc/nginx/ssl/dhparam.pem;</div></div><div class=""><br class=""></div><div class=""><br class=""></div><div class="">The vhost has http2 switched on with TLS 1.2 only:</div><div class=""><br class=""></div><div class=""><div class="">server {</div><div class=""> listen 443 ssl http2;</div><div class=""><br class=""></div><div class="">...</div></div><div class=""><br class=""></div><div class=""><div class=""> ssl_prefer_server_ciphers On;</div><div class=""> ssl_protocols TLSv1.2;</div><div class=""> ssl_session_timeout 8m;</div><div class=""> ssl_ecdh_curve secp521r1;</div></div><div class=""><br class=""></div><div class="">…</div><div class=""><br class=""></div><div class=""><div class=""> add_header X-Content-Type-Options nosniff;</div><div class=""> add_header X-Frame-Options SAMEORIGIN;</div><div class=""> add_header X-Content-Type-Options nosniff;</div><div class=""> add_header X-XSS-Protection "1; mode=block";</div><div class=""> add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";</div><div class=""> add_header Referrer-Policy "no-referrer";</div></div><div class=""><br class=""></div><div class="">}</div><div class=""><br class=""></div><div class="">
<div style="letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class="">Sophie </div><div style="font-family: Helvetica; font-size: 14px; font-style: normal; font-variant-caps: normal; font-weight: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px;" class=""><br class=""></div><br class="Apple-interchange-newline"></div></div><br class="Apple-interchange-newline"><br class="Apple-interchange-newline">
</div>
<br class=""></div></div></div></body></html>