Client can't negotiate with TLS 1.0 and 1.1
Fabiano Furtado Pessoa Coelho
fusca14 at gmail.com
Thu Aug 25 20:03:23 UTC 2022
WOW! It worked!!! THANKS!!!
I configured my NGINX with "ssl_ciphers ...:@SECLEVEL=0;".
Thank you!!!! Thank you!!!
On Thu, Aug 25, 2022 at 4:31 PM Lukas Tribus wrote:
>
> Hello,
>
>
> the *client* you are using to test this is just as important. Adjust
> CipherString in /etc/ssl/openssl.cnf or the client parameters (-cipher
> "DEFAULT:@SECLEVEL=0") too.
>
> ~# grep SEC /etc/ssl/openssl.cnf
> CipherString = DEFAULT:@SECLEVEL=2
> ~#
> ~# openssl s_client -connect www.google.com:443 -tls1
> CONNECTED(00000003)
> 804BDAE0FF7E0000:error:0A0000BF:SSL routines:tls_setup_handshake:no
> protocols available:../ssl/statem/statem_lib.c:104:
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 0 bytes and written 7 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> Early data was not sent
> Verify return code: 0 (ok)
> ---
> ~# openssl s_client -connect www.google.com:443 -tls1 -cipher
> "DEFAULT:@SECLEVEL=0"
> CONNECTED(00000003)
> depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
> verify return:1
> depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
> verify return:1
> depth=0 CN = www.google.com
> verify return:1
> [...]
>
>
>
> cheers,
> lukas
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org
More information about the nginx
mailing list