openssl 1.0.1 and tls1.1 and up

Nemesiz nginx-forum at nginx.us
Tue Apr 15 12:31:42 UTC 2014


Hello

I'm struggling with enabling tls1.1 and tls1.2. Some info:

NGINX:

# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9) 
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --with-pcre-jit --with-debug
--with-http_addition_module --with-http_auth_request_module
--with-http_dav_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_realip_module --with-http_spdy_module --with-http_ssl_module
--with-http_stub_status_module --with-http_sub_module
--with-http_xslt_module --with-ipv6
--add-module=/usr/src/nginx-modules/nginx-openssl-version
--add-module=/usr/src/nginx-modules/testcookie-nginx-module
--with-pcre=/usr/src/nginx-modules/pcre-8.35
--with-openssl=/usr/src/nginx-modules/openssl-1.0.1g

SSL settings:

ssl_session_cache shared:SSL:50m;
ssl_session_timeout 5m;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";


https://www.ssllabs.com/ssltest/ results:

Protocols
TLS 1.2    No
TLS 1.1    No
TLS 1.0    Yes
SSL 3      Yes
SSL 2      No

Any hint?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249305,249305#msg-249305


