Client can't negotiate with TLS 1.0 and 1.1

Jeffrey Walton noloader at gmail.com
Wed Aug 24 21:09:06 UTC 2022 

On Wed, Aug 24, 2022 at 4:25 PM Fabiano Furtado Pessoa Coelho
<fusca14 at gmail.com> wrote:
>
> Hi...
>
> I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server
> with one NIC and 2 IPs, with the following config:
>
>   * config based on
> https://ssl-config.mozilla.org/#server=nginx&version=1.22.0&config=intermediate&openssl=3.0.5&guideline=5.6
>
> 1st) IP 10.0.0.1 with intermediate config (only TLS 1.2 and 1.3 enabled):
>
> server {
>   listen 10.0.0.1:443 ssl http2;
>   server_name secure.example.com;
>
>   ssl_session_cache shared:SSL_intermediate:10m;
>
>   ssl_dhparam /etc/nginx/dhparams.pem;
>
>   ssl_protocols TLSv1.2 TLSv1.3;
>   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
>   ssl_prefer_server_ciphers off;
>   ...
> }
>
> 2nd) IP 10.0.0.2 with old config (TLS 1.0 through 1.3 enabled):
>
> server {
>   listen 10.0.0.2:443 ssl http2;
>   server_name insecure.example.com;
>
>   ssl_session_cache shared:SSL_old:10m;
>
>   ssl_dhparam /etc/nginx/dhparams.pem;
>
>   ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
>   ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
>   ssl_prefer_server_ciphers on;
>   ...
> }
>
>
> $ netstat -nlpt | grep nginx | sort
> tcp     0     0 10.0.0.1:443      0.0.0.0:*         LISTEN
> 1337/nginx: master p
> tcp     0     0 10.0.0.2:443      0.0.0.0:*         LISTEN
> 1337/nginx: master p
>
>
> Trying TLS 1.0:
>
> $ openssl s_client -connect insecure.example.com:443 -tls1
> CONNECTED(00000003)
> 00FCC7F5507F0000:error:0A00042E:SSL routines:ssl3_read_bytes:tlsv1
> alert protocol version:ssl/record/rec_layer_s3.c:1584:SSL alert number
> 70
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 135 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1661371345
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
>     Extended master secret: no
> ---
>
>
> Trying TLS 1.1:
>
> $ openssl s_client -connect insecure.example.com:443 -tls1_1
> CONNECTED(00000003)
> 00FC0A99AB7F0000:error:0A00042E:SSL routines:ssl3_read_bytes:tlsv1
> alert protocol version:ssl/record/rec_layer_s3.c:1584:SSL alert number
> 70
> ---
> no peer certificate available
> ---
> No client certificate CA names sent
> ---
> SSL handshake has read 7 bytes and written 135 bytes
> Verification: OK
> ---
> New, (NONE), Cipher is (NONE)
> Secure Renegotiation IS NOT supported
> Compression: NONE
> Expansion: NONE
> No ALPN negotiated
> SSL-Session:
>     Protocol  : TLSv1.1
>     Cipher    : 0000
>     Session-ID:
>     Session-ID-ctx:
>     Master-Key:
>     PSK identity: None
>     PSK identity hint: None
>     SRP username: None
>     Start Time: 1661371360
>     Timeout   : 7200 (sec)
>     Verify return code: 0 (ok)
>     Extended master secret: no
> ---
>
>
> Why I can't connect with TLS 1.0 or 1.1 on insecure.example.com?
>
> Is this an OpenSSL 3 issue? Does it work with OpenSSL 1.1.1?
>
> I have separated the "ssl_protocols" by IP and there is no others
> "ssl_protocols" directives configured outside of server{} block.
>
> Thanks.

The HTTP/2 spec says TLS 1.2 when using secure sockets. See
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-http2-17#section-9.2
.

Jeff

More information about the nginx mailing list