Getting forward secrecy enabled

mex nginx-forum at nginx.us
Wed Oct 2 05:34:36 UTC 2013


hmm, looks like some mismatch: in yoiur config you define ECDH, but in your
screenshot 
i see DH configured (please compare your screenshot with the ssllabs-link i
provided, esp.
the cipher-suites/handshake - part. 

should be:

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH 256 bits (eq. 3072
bits RSA)   FS

is:
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   DH 4096 bits 



your openssl-version seems to be OK.

did you compiled nginx with your own version of openssl?

if not, what gives "openssl version" ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,243341,243348#msg-243348



More information about the nginx mailing list