nginx centos build only supports SSLv3 and ignores ssl_protocols
mayak
mayak at australsat.com
Wed Oct 1 12:11:30 UTC 2014
hi all,
i have several nginx sites, and as i try to deploy ssl, i am having issues with `ssl_protocols`
<config>
...
ssl on;
ssl_certificate /etc/x509V6/domain.crt;
ssl_certificate_key /etc/x509V6/domain.key;
ssl_session_cache off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;
...
</config>
this configuration can then be tested with: https://testssl.sh/testssl.sh
SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered
SPDY/NPN http/1.1 (advertised)
so SSLv3 is still offered and SSLv1.2 is not offered.
any ideas on how to get the `ssl_protocols` to be parsed and respected by nginx?
thanks
m
More information about the nginx
mailing list