issue with ssl_ciphers not being respected
itpp2012
nginx-forum at nginx.us
Fri Oct 17 10:14:24 UTC 2014
Scott Larson Wrote:
-------------------------------------------------------
> Something else must be going on here. Looking at your ssl_cipher
> string, you're opening with a rough declaration of specific ciphers you'll
> support, none of which should pull in RC4. It's specific enough in fact
> that your subsequent excluded ciphers don't even come into play. To test
> this I switched in my old RSA cert, rebuilt 1.7.6 against OpenSSL 1.0.1j,
Which is why I said try 101j; between 101e and j there are big differences
when it comes to invalid fallbacks.
Not to mention that using 101e is asking to be hacked.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254028,254092#msg-254092