no, not that domain. i'll contact you off-list :D

On Fri, Oct 17, 2014 at 7:41 PM, Scott Larson <[email protected]> wrote:
> Just to be thorough, are you sure nginx is actually using the config
> file that you think it is? If we’re talking about your personal domain I
> see TLS 1.0 and SSL 3.0 available which in this snippet you have not
> enabled. This behavior isn’t something I’m able to replicate with the
> 1.7.6/1.0.1i combo.
>
> Scott Larson
> Systems Administrator
> Wiredrive/LA
>
> On Oct 17, 2014, at 4:28 PM, Jessica Litwin <[email protected]> wrote:
>
> using openssl101j, I get the same results with the following in both my
> vhost config and nginx.conf
>
> ssl_protocols TLSv1.2 TLSv1.1;
> ssl_ciphers EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4;
> ssl_prefer_server_ciphers on;
>
> RC4 cipher is used with TLS 1.1 or newer protocols, even though stronger
> ciphers are available.
>
> What the hell am I doing wrong?
>
> On Fri, Oct 17, 2014 at 6:14 AM, itpp2012 <[email protected]> wrote:
>
>> Scott Larson Wrote:
>> -------------------------------------------------------
>> > Something else must be going on here. Looking at your ssl_cipher
>> > string, you're opening with a rough declaration of specific ciphers
>> > you'll support, none of which should pull in RC4. It's specific enough
>> > in fact that your subsequent excluded ciphers don't even come into play.
>> > To test this I switched in my old RSA cert, rebuilt 1.7.6 against
>> > OpenSSL 1.0.1j,
>>
>> Which is why I said try 101j, between 101e and j there are big differences
>> when it comes to invalid fallbacks.
>> Not even mentioning using 101e is asking to be hacked.
>>
>> Posted at Nginx Forum:
>> http://forum.nginx.org/read.php?2,254028,254092#msg-254092

--
Jessica K. Litwin
jessicalitwin.com
twitter: press5
aim: press5key
skype: dr_jkl
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
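
The claim in the quoted thread that this `ssl_ciphers` string should not pull in RC4 can be checked offline by expanding it against a local OpenSSL. The following is an added example, not part of the thread or of nginx; it assumes Python's `ssl` module, which uses the OpenSSL that Python is linked to (not necessarily the build nginx uses), and the function names are hypothetical.

```python
import ssl

# Cipher string copied from the ssl_ciphers directive quoted in the thread.
CIPHER_STRING = (
    "EECDH+aRSA+AESGCM:EECDH+aRSA+AES:EDH+aRSA+AESGCM:EDH+aRSA+AES:"
    "DES-CBC3-SHA:!EXP:!CAMELLIA:!DSS:!MEDIUM:!LOW:!aNULL:!eNULL:!RC4"
)


def expand(cipher_string):
    """Return (suite name, protocol) pairs in the order the local OpenSSL prefers.

    With OpenSSL 1.1.1 or newer the list also contains TLSv1.3 suites, which
    are configured separately and are not controlled by this string.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def weak_suites(cipher_string, markers=("RC4", "NULL", "EXP")):
    """Return the selected suites whose names contain any of the given markers."""
    return [
        name
        for name, _proto in expand(cipher_string)
        if any(marker in name for marker in markers)
    ]


if __name__ == "__main__":
    # The OpenSSL version matters: the thread turns on 1.0.1e vs 1.0.1j.
    print("Expanding against:", ssl.OPENSSL_VERSION)
    for name, proto in expand(CIPHER_STRING):
        print(f"  {proto:8} {name}")
    flagged = weak_suites(CIPHER_STRING)
    print("Weak suites selected:", flagged if flagged else "none")
```

If the expansion contains no RC4 suite but a scan of the server still reports one, the running server is not applying this string, which is the situation the question about the config file in the thread points at.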
