ECC Certificates and SNI
B.R.
reallfqq-nginx at yahoo.fr
Sat Aug 16 09:53:14 UTC 2014
Hello,
The error comes from OpenSSL.
>From its name, I wouldsay the constant being check is one that OpenSSL sets
during handshake.
>From its name too, I wouls say this applies to a SSLv3 handshake. OpenSSL
has a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE.
Seems like a bug, possibly related to the (non widespread) use of ECC
certificates.
Before really calling out for a bug: you say SSLv3 is disabled. Please be
really sure of that.
Check the OpenSSL library your nginx has been linked against. I suggest you
update that package on your system and retry.
Try balance between sufficiently up-to-date version and avoinding versions
with well-known vulnerabilities.
Hope I helped,
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140816/42430f63/attachment.html>
More information about the nginx
mailing list