maybe related (Maxim's answer)
http://forum.nginx.org/read.php?2,254016,254050#msg-254050
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254028,254123#msg-254123
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo
This was fun...
I found a subdomain's vhost was allowing RC4, and fixing that made the RC4 alert
go away for scanning the main site. I think this might be an issue with the
way the Qualys scanner works. Thank you all for helping & kudos to Scott
Larson for putting up with me :)
-jkl
On Fri, Oct 17, 2
no, not that domain. i'll contact you off-list :D
On Fri, Oct 17, 2014 at 7:41 PM, Scott Larson wrote:
> Just to be thorough, are you sure nginx is actually using the config
> file that you think it is? If we’re talking about your personal domain I
> see TLS 1.0 and SSL 3.0 available which
Just to be thorough, are you sure nginx is actually using the config file
that you think it is? If we’re talking about your personal domain I see TLS 1.0
and SSL 3.0 available which in this snippet you have not enabled. This behavior
isn’t something I’m able to replicate with the 1.7.6/1.0.
using openssl101j, I get the same results with the following in both my
vhost config and nginx.conf
ssl_protocols TLSv1.2 TLSv1.1;
ssl_ciphers EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4;
ssl_prefer_se
Scott Larson Wrote:
---
> Something else must be going on here. Looking at your ssl_cipher
> string, you're opening with a rough declaration of specific ciphers
> you'll
> support, none of which should pull in RC4. It's specific enough in
> fact
>
Something else must be going on here. Looking at your ssl_cipher
string, you're opening with a rough declaration of specific ciphers you'll
support, none of which should pull in RC4. It's specific enough in fact
that your subsequent excluded ciphers don't even come into play. To test
this I sw
I can do this, but I guess my whole question was does this mean exclusion
bits are broken?
I'm personally partial to just outright declaring my supported ciphers
rather than using the exclusion bits. My personal server is aggressively
strict, the setup for our production gear is much less so.
what does cipherscan say?
https://github.com/jvehent/cipherscan
you can run that from the server nginx runs on
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254028,254082#msg-254082
I'm personally partial to just outright declaring my supported ciphers
rather than using the exclusion bits. My personal server is aggressively
strict, the setup for our production gear is much less so. Either way it
allows me to know exactly what's available to clients.
For lunatics with DSA
I'm sure. I'm very, very sure the correct site is being tested.
On Thu, Oct 16, 2014 at 4:23 PM, mex wrote:
> hi,
>
> > >
> > > - make sure you are testing correct server.
> > >
>
>
> i'd suggest to configure an additional access/error-log
> in that server {} - block, to be 100% sure.
>
>
> re
hi,
> >
> > - make sure you are testing correct server.
> >
i'd suggest to configure an additional access/error-log
in that server {} - block, to be 100% sure.
regards,
mex
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254028,254077#msg-254077
Hi,
Everything is loading OK and nginx -t (or service nginx configtest) shows
the config is ok and I am testing the correct server.
Another poster suggested upgrading openssl to 1.0.1j but I'd have to build
from source to do that and I'm not sure what effect it would have against
nginx
On Thu
Hello!
On Thu, Oct 16, 2014 at 03:40:44AM -0400, Jessica Litwin wrote:
> Hello
>
> I seem to have a bit of a problem. In my vhost's server {}; block, I have:
>
> ssl_ciphers
> EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:
At least update your openssl to 1.0.1j and try again.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,254028,254032#msg-254032
Hello
I seem to have a bit of a problem. In my vhost's server {}; block, I have:
ssl_ciphers
EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4;
ssl_prefer_server_ciphers on;
but for some reason this doesn't seem