I found where the problems was. I thought ssl options can be different in
virtual host. Default server settings was not overwritten.
server {
include conf/default-settings;
root /var/www;
server_name "";
ssl on;
ssl_certificate ssl/nmz_ssl.crt;
ssl
I recompiled with default openssl lib (1.0.1e-3ubuntu1.2)
Default install path:
# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13
--conf-path=/etc/nginx/nginx.conf --error-log-pa
Maxim Dounin Wrote:
---
> It looks like you are testing something different, not nginx you
> are trying to configure. Check what is actually listening on the
> ip:port you are testing.
testssl.sh:
--> Testing HTTP Header response
HSTS
Strange things are happening.
nginx:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
Results:
ssllabs.com:
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 Yes
SSL 2 No
testssl.sh:
SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 offered (ok)
TLSv1.1 not offered
TLSv1.2
Hello
I`m struggling with enabling tls1.1 and tls1.2. Some info:
NGINX:
# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var
