ssl3_get_client_hello:no shared cipher
arnabmaity1
nginx-forum at forum.nginx.org
Fri Dec 14 14:42:18 UTC 2018
Hi
I am pasting the current conf file. Please review and suggest ; all
connections are through port 443.
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name <url name>;
root /usr/share/nginx/html/Bank/;
ssl_certificate /<path>/<name>.crt;
ssl_certificate_key /<path>/private.key;
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
# Disable preloading HSTS for now. You can use the commented out header
line that includes
# the "preload" directive if you understand the implications.
#add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains; preload";
add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
underscores_in_headers on;
error_log /var/log/nginx/error.log debug;
location /<name>/ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_pass_request_headers on ;
proxy_cookie_path /<tagname> "/; secure; HttpOnly; SameSite=lax";
proxy_pass http://<IP>:8080/;
sendfile off;
expires 0;
add_header Cache-Control private;
add_header Cache-Control no-store;
add_header Cache-Control no-cache;
add_header Strict-Transport-Security "max-age=63072000;
includeSubdomains";
index index.html index.htm;
}
}
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282382,282389#msg-282389
More information about the nginx
mailing list