Ciphersuites configuration: unknown command
Ariel Goyeneche
agoyeneche at gmail.com
Mon Oct 7 08:22:03 UTC 2024
Hi Team,
If possible, I am looking for help on how to change the cipher on my
existing Unit instance.
*Background:*
We have been running Nginx Unit 1.28 for some time without problems on an
intranet installation. I built Unit from source to be able to work with a
specific python version (Python 3.9.12) I configured the built with openssl
option (./configure --openssl)
By default my current Unit instance is loading a now obsolete cipher
(AES256-GCM-SHA384). Therefore, I have the need to upgrade the ciphers.
*Issue*
When I am trying to add the following option:
"tls": {
"certificate": "bundle",
"conf_commands": {
"ciphersuites": "ECDHE-RSA-AES256-GCM-SHA384",
"minprotocol": "TLSv1.2"
}
}
I get an error saying: *unknown command "ciphersuites" in "conf_commands"
option (386: unknown cmd name)*
Even when I try to load the existing cipher, I have the same error:
"tls": {
"certificate": "bundle",
"conf_commands": {
"ciphersuites": "AES256-GCM-SHA384",
"minprotocol": "TLSv1.2"
}
}
*unknown command "ciphersuites" in "conf_commands" option (386: unknown cmd
name)*
My openssl -ciphers -v list includes AES256-GCM-SHA384 and
ECDHE-RSA-AES256-GCM-SHA384.
*Questions*
Would it be possible that I am typing something wrong? is this the correct
approach? or it may be that I need to upgrade my Unit version?
Thanks in advance
AG
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/unit/attachments/20241007/8b30a0a4/attachment.htm>
More information about the unit
mailing list