ssl_cipher for mail not working

Maxim Dounin mdounin at
Sun Aug 18 23:21:58 UTC 2013


On Wed, Aug 14, 2013 at 06:56:32AM -0400, MKl wrote:

> Hello,
> to increase security of SSL I added some eliptic-curves-ciphers to the
> chain. For HTTPS it's working fine, but for the mail proxy it does not work,
> I only always get RC4-SHA instead of the ECDH ciphers.
> See configuration at the end of this message.
> I'm testing it with:
> openssl s_client -cipher 'ECDH:DH' -connect
> openssl s_client -cipher 'ECDH:DH' -connect
> The first command gives me a successful connection with ECDHE-RSA-RC4-SHA,
> so for HTTPS the cipherlist is used. The second command fails with an error:
> "sslv3 alert handshake failure", the IMAPS server does not provide ECDH
> support. I used exactly the same ssl_cipher line for HTTPS and the mail
> proxy.
> When using the following command without forcing any ciphers on the client I
> can see that RC4-SHA is the "best" cipher that is supported and used:
> openssl s_client -connect
> Anybody has an idea where the problem is?

Looks like the problem fixed by this changeset:

Should work fine in nginx 1.5.1+.


Maxim Dounin

More information about the nginx mailing list