Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread Nemesiz
I found where the problem was. I thought ssl options can be different in a virtual host. Default server settings were not overwritten.

server {
    include conf/default-settings;
    root /var/www;
    server_name "";
    ssl on;
    ssl_certificate ssl/nmz_ssl.crt;
    ssl

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread Valentin V. Bartenev
Check that you have run the same nginx, that you are trying to configure.

$ ps -fC nginx

wbr, Valentin V. Bartenev
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread Nemesiz
I recompiled with default openssl lib (1.0.1e-3ubuntu1.2)

Default install path:

# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13 --conf-path=/etc/nginx/nginx.conf --error-log-pa

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread kyprizel
I think the problem is your nginx uses libssl version from your OS (0.9.8/1.0.0).

On Wed, Apr 16, 2014 at 4:08 PM, B.R. wrote:
> Rather than posting raw outputs, try to understand the piece of advice
> Maxim gave to you.
>
> I suspect those SSL-validation websites test websites... which corres

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread B.R.
Rather than posting raw outputs, try to understand the piece of advice Maxim gave to you.

I suspect those SSL-validation websites test websites... which correspond to a certain standard port.

I see a problem, don't you?
---
*B. R.*
___
nginx mailing li

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread Nemesiz
Maxim Dounin Wrote:
---
> It looks like you are testing something different, not nginx you
> are trying to configure. Check what is actually listening on the
> ip:port you are testing.

testssl.sh:

--> Testing HTTP Header response
HSTS

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread Maxim Dounin
Hello!

On Wed, Apr 16, 2014 at 06:35:43AM -0400, Nemesiz wrote:
> Strange things are happening.
>
> nginx:
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>
> Results:
>
> ssllabs.com:
> TLS 1.2 No
> TLS 1.1 No
> TLS 1.0 Yes
> SSL 3 Yes
> SSL 2 No
>
> testssl.sh

Re: openssl 1.0.1 and tls1.1 and up

2014-04-16 Thread Nemesiz
Strange things are happening.

nginx:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

Results:

ssllabs.com:
TLS 1.2 No
TLS 1.1 No
TLS 1.0 Yes
SSL 3 Yes
SSL 2 No

testssl.sh:
SSLv2 NOT offered (ok)
SSLv3 offered
TLSv1 offered (ok)
TLSv1.1 not offered
TLSv1.2

Re: openssl 1.0.1 and tls1.1 and up

2014-04-15 Thread mex
hi,

what is your os (name and version)? where do you have the ciphers from btw?

i'd suggest you test the tls-version yourself with testssl.sh
https://bitbucket.org/nginx-goodies/testssl.sh
(note: you need a current openssl-version on the machine you test from)

regards, mex

Posted at Ngin

Re: openssl 1.0.1 and tls1.1 and up

2014-04-15 Thread Miguel Clara
I should clarify the default for ssl_protocols is fine, to my environment since we need to support SSLv3, if you don't I suggest make it safer:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

On Tue, Apr 15, 2014 at 2:31 PM, Miguel Clara wrote:
>
> I have an nginx 1.5 install where I don't set the ss

Re: openssl 1.0.1 and tls1.1 and up

2014-04-15 Thread Miguel Clara
I have an nginx 1.5 install where I don't set the ssl_protocols, because, the defaults are fine:

---> "Since versions 1.1.13 and 1.0.12, nginx uses “ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2” by default."

This is what I have found to be the best for ciphers, SSLLABS seems to like it, I would even

openssl 1.0.1 and tls1.1 and up

2014-04-15 Thread Nemesiz
Hello

I'm struggling with enabling tls1.1 and tls1.2.

Some info:

NGINX:

# nginx -V
nginx version: nginx/1.5.13
built by gcc 4.8.1 (Ubuntu/Linaro 4.8.1-10ubuntu9)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx/1.5.13 --conf-path=/etc/nginx/nginx.conf --error-log-path=/var