nginx 0.7.65 and TLS1.2

Sergey Kandaurov pluknet at nginx.com
Fri May 15 10:16:57 UTC 2020


> On 15 May 2020, at 12:43, Marko Domanović <marko at vizio.biz> wrote:
> 
> Long story short, I need nginx 0.7.65 to be able to support TLS1.2.
> Seems like it's dependent on openssh version and installed one is 1.0.1t
> which seem to support TLS1.2, but "nmap --script ssl-enum-ciphers -p 443
> sitename" says only SSLv3 and TLS1.0 are supported. So is there anything
> I can to to make nginx 0.7.65 recognize TLS1.2 and use it?
> 

Technically, you could.
You just won't be able to disable this protocol in configuration.

$ printf "GET / HTTP/1.0\n\n" | openssl s_client -connect 127.0.0.1:8081 -ign_eof
...
New, TLSv1.2, Cipher is DHE-RSA-AES256-GCM-SHA384
...
HTTP/1.1 200 OK
Server: nginx/0.7.65
Date: Fri, 15 May 2020 10:14:17 GMT
Content-Type: text/html
Content-Length: 0
Last-Modified: Fri, 15 May 2020 10:12:53 GMT
Connection: close
Accept-Ranges: bytes

$ ./objs/nginx -V
nginx version: nginx/0.7.65
TLS SNI support enabled

-- 
Sergey Kandaurov



More information about the nginx mailing list