Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-25 Thread Fabiano Furtado Pessoa Coelho
WOW! It worked!!! THANKS!!!

I configured my NGINX with "ssl_ciphers ...:@SECLEVEL=0;".

Thank you Thank you!!!

On Thu, Aug 25, 2022 at 4:31 PM Lukas Tribus wrote:
>
> Hello,
>
>
> the *client* you are using to test this is just as important. Adjust
> CipherString in /etc/ssl/openssl.cnf or th

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-25 Thread Lukas Tribus
Hello,

the *client* you are using to test this is just as important. Adjust CipherString in /etc/ssl/openssl.cnf or the client parameters (-cipher "DEFAULT:@SECLEVEL=0") too.

~# grep SEC /etc/ssl/openssl.cnf
CipherString = DEFAULT:@SECLEVEL=2
~#
~# openssl s_client -connect www.google.com:443 -t

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-25 Thread Fabiano Furtado Pessoa Coelho
Hi...

On Thu, Aug 25, 2022 at 12:59 PM Sergey Kandaurov wrote:
>
>
> > On 25 Aug 2022, at 00:22, Fabiano Furtado Pessoa Coelho wrote:
> >
> > Hi...
> >
> > I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server
> > with one NIC and 2 IPs, with the following config:
> >
> > [...]
> > Wh

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-25 Thread Sergey Kandaurov
> On 25 Aug 2022, at 00:22, Fabiano Furtado Pessoa Coelho
> wrote:
>
> Hi...
>
> I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server
> with one NIC and 2 IPs, with the following config:
>
> [...]
> Why I can't connect with TLS 1.0 or 1.1 on insecure.example.com?
>
> Is this a

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-24 Thread Fabiano Furtado Pessoa Coelho
Unfortunately, no! :(

I've deleted all http2 references from the listen directive with 10.0.0.2 IP.

On Wed, Aug 24, 2022 at 6:10 PM Jeffrey Walton wrote:
>
> On Wed, Aug 24, 2022 at 4:25 PM Fabiano Furtado Pessoa Coelho
> wrote:
[...]
>
> The HTTP/2 spec says TLS 1.2 when using secure sockets.

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-24 Thread Fabiano Furtado Pessoa Coelho
Hi... same behavior! :(

secure.example.com = 10.0.0.1
insecure.example.com = 10.0.0.2

Using curl with "host" header:

$ curl -kv --tlsv1.0 --tls-max 1.1 -H 'host: insecure.example.com' https://10.0.0.2/
* Trying 10.0.0.2:443...
* Connected to 10.0.0.2 (10.0.0.2) port 443 (#0)
* ALPN, offering h2

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-24 Thread Jeffrey Walton
On Wed, Aug 24, 2022 at 4:25 PM Fabiano Furtado Pessoa Coelho wrote:
>
> Hi...
>
> I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server
> with one NIC and 2 IPs, with the following config:
>
> * config based on
> https://ssl-config.mozilla.org/#server=nginx&version=1.22.0&config=in

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-24 Thread Igor Ippolitov
Fabiano,

Is it possible that you have nginx.org/r/ssl_reject_handshake configured in another server block listening on 10.0.0.2:443? Is there anything useful in nginx error log?

My guess, using -servername option will resolve the issue for you.

Regards,
Igor.

On 24/08/2022 21:22, Fabiano Fur

Re: Client can't negotiate with TLS 1.0 and 1.1

2022-08-24 Thread Maxim Dounin
Hello!

On Wed, Aug 24, 2022 at 05:22:10PM -0300, Fabiano Furtado Pessoa Coelho wrote:
> I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server
> with one NIC and 2 IPs, with the following config:
>
> * config based on
> https://ssl-config.mozilla.org/#server=nginx&version=1.22.0&co

Client can't negotiate with TLS 1.0 and 1.1

2022-08-24 Thread Fabiano Furtado Pessoa Coelho
Hi...

I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server with one NIC and 2 IPs, with the following config:

* config based on https://ssl-config.mozilla.org/#server=nginx&version=1.22.0&config=intermediate&openssl=3.0.5&guideline=5.6

1st) IP 10.0.0.1 with intermediate config (o