SSL Strangeness
Igor Sysoev
is at rambler-co.ru
Tue Dec 11 11:00:34 MSK 2007
On Mon, Dec 10, 2007 at 03:12:54PM -0800, Curtis Spencer wrote:
> Ok, so here is an update.
>
> 1) I tried running that test with ab, and I didn't get the httperf
> issue where the SSL requests started taking forever, so probably means
> it is an httperf tool issue with --ssl option. Strange...
Could you how you run httperf ? I will try to reproduce it in my
environment.
> 2) I still encounter the issue where SSL requests hang indefinitely
> for some firefox users in my office. I dug a little deeper and I found
> that people around the internet are having issues with Mozilla Firefox
> 2.0 and having the Use TLS 1.0 set to checked in the preferences and
> negotiating SSL connections with secure servers. Everyone in my
> office who was having the problem was using Mozilla Firefox 2.0, so I
> had them all disable the TLS 1.0 settings. I am going to watch and
> see what happens over the next few days.
>
> This brings up the issue. Has anyone encountered this TLS issue as
> well, and is there a server setting I can set on nginx to prevent
> Firefox from even trying to use TLS 1.0 (if this is even the problem)?
You may only disable TLSv1 at all:
ssl_protocols SSLv2 SSLv3;
The no way to find out a browser before SSL handshake will be done.
This is the same case as it was with name-based virtual hosts.
--
Igor Sysoev
http://sysoev.ru/en/
More information about the nginx
mailing list