On 10/02/2014 02:49 PM, Rob Stradling wrote:
Hi. Visit https://www.ssllabs.com/ssltest/viewMyClient.html and check
out "Protocol Details -> Signature algorithms". I expect you'll find
that your browser doesn't offer SHA512/RSA.
Judging from a recent discussion on the IETF TLS list [1], there seems
to be some confusion over whether the
hi all,
indeed -- i generated a new set of certs and tested:
a signature of sha256 results in TLSv* being offered
a signature of sha512 results in TLSv* _not_ being offered
certs with 4096 bit keys work fine
i suspect that there is a variable that is not long enough to support the
signature ..
On Wed, 2014-10-01 at 22:45 +0200, mayak wrote:
> On 10/01/2014 08:45 PM, Lukas Tribus wrote:
> >> btw, it seems impossible to have
> >>
> >> ...
> >> ssl_protocols TLSv1.2;
> >> ...
> >>
> >> and a testresult of
> >>
> >> SSLv2 NOT offered (ok)
> >> SSLv3 offered
> >> TLSv1 not offered
> >> TLSv1.
On 10/01/2014 08:45 PM, Lukas Tribus wrote:
> btw, it seems impossible to have
>
> ...
> ssl_protocols TLSv1.2;
> ...
>
> and a testresult of
>
> SSLv2 NOT offered (ok)
> SSLv3 offered
> TLSv1 not offered
> TLSv1.1 not offered
> TLSv1.2 not offered
No, it's very possible. A SSL_CTX_set_ssl_version() call can fail,
or the call itself can be #
btw, it seems impossible to have
...
ssl_protocols TLSv1.2;
...
and a testresult of
SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 not offered
TLSv1.1 not offered
TLSv1.2 not offered
are you sure you have tested the right machine?
i'd suggest you run the testssl.sh - script against https://localho
On 10/01/2014 04:54 PM, Lukas Tribus wrote:
> thanks for your note -- i totally forgot to give specifics:
>
> - CentOS 6.5, x64, totally up2date
> - OpenSSL 1.0.1e-fips 11 Feb 2013
> - nginx-1.6.2-1.el6.ngx.x86_64 (from nginx repo)
> - openssl-1.0.1e-16.el6_5.15.x86_64
> - openssl-devel-1.0.1e-16.el6_5.15.x86_64
>
> i did rebuild your src rp
On 10/01/2014 02:33 PM, mex wrote:
this probably depends on the underlying openssl-version from your os.
what does 'openssl version' say?
if you want nginx with newer openssl-version you can build a custom nginx
with openssl statically linked
https://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#workaround-for-outdated-opens
hi all,
i have several nginx sites, and as i try to deploy ssl, i am having issues with
`ssl_protocols`
...
ssl on;
ssl_certificate /etc/x509V6/domain.crt;
ssl_certificate_key /etc/x509V6/domain.key;
ssl_session_cache off;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH