CHACHA20-POLY1305 Server Preference NOK with tlsv1.3

Maxim Dounin mdounin at mdounin.ru
Mon May 4 15:54:00 UTC 2020


Hello!

On Mon, May 04, 2020 at 07:49:26AM +0200, Vincent Blondel wrote:

> thanks for the update Maxim but unfortunately still nok ...
> 
> my openssl.conf
> 
> [default_conf]
> ssl_conf = ssl_sect
> [ssl_sect]
> system_default = system_default_sect
> [system_default_sect]
> Options = ServerPreference,PrioritizeChaCha
> [req]
> distinguished_name = req_distinguished_name
> req_extensions = v3_req
> prompt = no
> [req_distinguished_name]
> C = DE
> CN = www.example.com
> [v3_req]
> keyUsage = keyEncipherment, dataEncipherment
> extendedKeyUsage = serverAuth
> subjectAltName = @alt_names
> [alt_names]
> DNS.1 = www.example.com

The openssl.conf looks wrong to me.  See 
https://trac.nginx.org/nginx/ticket/1445#comment:8 for a working 
example.  Quoting it here:

: openssl_conf = default_conf
: 
: [default_conf]
: ssl_conf = ssl_sect
: 
: [ssl_sect]
: system_default = system_default_sect
: 
: [system_default_sect]
: Options = PrioritizeChaCha

Note the "openssl_conf = default_conf" before the first named 
section.

-- 
Maxim Dounin
http://mdounin.ru/
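
An added example, not part of the original message and not nginx or OpenSSL code: a small Python check that walks the lookup chain the reply refers to (openssl_conf in the unnamed default section, then ssl_conf, system_default, Options) and reports whether the Options line is reachable. It assumes the default application name openssl_conf; the function names are hypothetical.

```python
# Simplified OpenSSL config reader (no .include, no $variable expansion).
# BROKEN and WORKING are the system-default parts of the two configs above.
BROKEN = """\
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = ServerPreference,PrioritizeChaCha
"""
WORKING = """\
openssl_conf = default_conf
[default_conf]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = PrioritizeChaCha
"""

def parse_openssl_conf(text):
    """Return {section: {key: value}}; keys before any [section] land in 'default'."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def system_default_options(text):
    """Follow openssl_conf -> ssl_conf -> system_default -> Options.
    Returns the option list, or None when a link in the chain is missing."""
    conf = parse_openssl_conf(text)
    section = "default"
    for key in ("openssl_conf", "ssl_conf", "system_default", "Options"):
        value = conf.get(section, {}).get(key)
        if value is None:
            return None  # chain broken: library never reaches Options
        section = value
    return [opt.strip() for opt in section.split(",")]

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("WORKING", WORKING)):
        print(name, "->", system_default_options(text))
```

A None result means the sections exist in the file but nothing in the default section points at them, which is the situation described in the reply.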

