Client can't negotiate with TLS 1.0 and 1.1

Lukas Tribus lukas at
Thu Aug 25 19:30:21 UTC 2022


the *client* you are using to test this is just as important. Adjust
CipherString in /etc/ssl/openssl.cnf or the client parameters (-cipher

~# grep SEC /etc/ssl/openssl.cnf
CipherString = DEFAULT:@SECLEVEL=2
~# openssl s_client -connect -tls1
804BDAE0FF7E0000:error:0A0000BF:SSL routines:tls_setup_handshake:no protocols available:../ssl/statem/statem_lib.c:104:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
~# openssl s_client -connect -tls1 -cipher
depth=2 C = US, O = Google Trust Services LLC, CN = GTS Root R1
verify return:1
depth=1 C = US, O = Google Trust Services LLC, CN = GTS CA 1C3
verify return:1
depth=0 CN =
verify return:1
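
The client-side effect shown in this message, as an added example that is not part of the original post: a small checker that reads an openssl.cnf, applies an optional -cipher override, and reports whether the test client itself would refuse TLS 1.0 or 1.1. It assumes OpenSSL 3.x (where those protocols are only offered at security level 0) and an upstream compiled default level of 1; the sample config, the override value and all function names are constructed for illustration.

```python
import re

# Constructed sample; only the active CipherString line matches the post's grep output.
SAMPLE_CNF = """\
[system_default_sect]
# CipherString = DEFAULT:@SECLEVEL=1
CipherString = DEFAULT:@SECLEVEL=2
"""

# Assumption: OpenSSL 3.x, where TLS 1.0 and 1.1 are only offered at security level 0.
LEGACY_PROTOCOLS = {"TLSv1", "TLSv1.1"}
COMPILED_DEFAULT_LEVEL = 1  # upstream default; distributions may build with another value


def seclevel_of(cipher_string):
    """Return the level set by the last @SECLEVEL=N token, or None if absent."""
    levels = re.findall(r"@SECLEVEL=(\d)", cipher_string or "")
    return int(levels[-1]) if levels else None


def config_cipher_string(cnf_text):
    """Return the last active (uncommented) CipherString value, or None."""
    value = None
    for raw in cnf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # '#' starts a comment in openssl.cnf
        key, sep, val = line.partition("=")
        if sep and key.strip() == "CipherString":
            value = val.strip()
    return value


def effective_level(cnf_text, cli_cipher=None):
    """Level the test client ends up with: -cipher wins if it names a level."""
    for source in (cli_cipher, config_cipher_string(cnf_text)):
        level = seclevel_of(source)
        if level is not None:
            return level
    return COMPILED_DEFAULT_LEVEL


def client_refuses(cnf_text, protocol, cli_cipher=None):
    """True if the client would refuse `protocol` locally, whatever the server allows."""
    return protocol in LEGACY_PROTOCOLS and effective_level(cnf_text, cli_cipher) > 0


if __name__ == "__main__":
    for override in (None, "DEFAULT:@SECLEVEL=0"):  # second value is constructed
        print(override, "->", client_refuses(SAMPLE_CNF, "TLSv1", override))
```

A True result means a failed handshake from this client says nothing about the server's configuration, so the server has to be tested with a client whose own policy still permits the protocol.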

