ssl3_get_client_hello:no shared cipher

arnabmaity1 nginx-forum at
Fri Dec 14 14:42:18 UTC 2018


I am pasting the current conf file. Please review and suggest changes; all
connections are through port 443.

server {
    # TLS listeners on port 443 for IPv4 and IPv6, with HTTP/2 enabled.
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    server_name <url name>;
    root   /usr/share/nginx/html/Bank/;
    # NOTE(review): the key type of this certificate (RSA or ECDSA) is not
    # visible here. "no shared cipher" is also logged when a client offers no
    # suite that matches the certificate's key type -- confirm it.
    ssl_certificate /<path>/<name>.crt;
    ssl_certificate_key /<path>/private.key;
    # With ssl_dhparam commented out, nginx 1.11.0 and later offers no DHE
    # suites, so key exchange is limited to ECDHE (on the curve below) and
    # static RSA. The nginx version in use is not shown -- confirm.
	#ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # Only TLS 1.2 is accepted. No ssl_ciphers directive appears in this
    # excerpt, so unless one is set at http level the nginx default list
    # (HIGH:!aNULL:!MD5) applies.
    ssl_protocols TLSv1.2;
	ssl_prefer_server_ciphers on;
    # NOTE(review): a single curve is allowed for ECDHE. A client that does not
    # list secp384r1 among its supported groups cannot use any ECDHE suite,
    # which is one plausible source of "no shared cipher" in the error log.
    # Listing several curves (or leaving the default) widens compatibility.
	ssl_ecdh_curve secp384r1;
    # Session resumption uses a 10 MB cache shared between workers; session
    # tickets are disabled.
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    # NOTE(review): ssl_stapling_verify needs the issuer chain to be trusted,
    # normally via ssl_trusted_certificate, which is not present in this
    # excerpt -- confirm it is configured elsewhere.
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): no name server address is given (possibly redacted when
    # posting). The resolver directive needs at least one address, and OCSP
    # stapling uses it to look up the responder host; use a resolver on a
    # trusted network.
    resolver valid=300s;
    resolver_timeout 5s;

    # Disable preloading HSTS for now.  You can use the commented out header
line that includes
    # the "preload" directive if you understand the implications.
    #add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains; preload";

    # NOTE(review): as pasted, the HSTS value has no closing quote and no
    # terminating ";" after it, so the quoted string runs on into the following
    # lines. This may be a paste artifact -- check the real file.
    # add_header without the "always" parameter is applied only to successful
    # and redirect responses, so error pages are sent without these headers.
    add_header Strict-Transport-Security "max-age=63072000;
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    # Accepts client header names containing underscores, which nginx treats
    # as invalid by default. NOTE(review): if the backend maps "-" and "_" to
    # the same variable name, a client can shadow a trusted header -- confirm
    # this is required.
    underscores_in_headers on;

    # Debug-level logging is useful while diagnosing the handshake failure, but
    # it is very verbose and can record request headers; return to a normal
    # level afterwards and restrict access to the log file.
    error_log /var/log/nginx/error.log debug;
	location /<name>/ {
        # Forwarding headers for the proxied application. X-Forwarded-For is
        # the client-supplied value with $remote_addr appended, so the backend
        # should trust only the last entry (the one nginx added).
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		#proxy_pass_request_headers on ;
        # Rewrites the Path attribute of upstream Set-Cookie headers so that
        # the Secure, HttpOnly and SameSite attributes are appended. It applies
        # only to cookies whose path starts with /<tagname>, and it widens
        # their path to "/".
		proxy_cookie_path /<tagname> "/; secure; HttpOnly; SameSite=lax";
        # TLS ends at nginx; the hop to the backend is plain HTTP.
        # NOTE(review): confirm this link stays on a trusted network segment.
        proxy_pass http://<IP>:8080/;
        sendfile off;
        expires  0;
        # NOTE(review): add_header directives are inherited from the server
        # level only when a location defines none of its own. Because this
        # location defines several, the server-level X-Frame-Options and
        # X-Content-Type-Options headers are not sent for these responses;
        # repeat them here if they are wanted.
        # The three Cache-Control lines are emitted as three separate header
        # fields.
        add_header Cache-Control private;
        add_header Cache-Control no-store;
        add_header Cache-Control no-cache;
        # NOTE(review): the HSTS value has no closing quote or terminating ";"
        # as pasted -- check the real file.
        add_header Strict-Transport-Security "max-age=63072000;
        index  index.html index.htm;


Posted at Nginx Forum:,282382,282389#msg-282389
