Hello! On Tue, Jul 05, 2016 at 04:02:21PM +0200, Florian Reinhart wrote:
> Hi Maxim! > > That’s what I thought. However, all clients can access the nginx server on > the old Ubuntu 14.04 server, which uses the same config, > > I tested the following clients on OS X 10.11.5, all failed to connect: > > curl, installed from Homebrew: curl 7.49.1 (x86_64-apple-darwin15.5.0) > libcurl/7.49.1 OpenSSL/1.0.2h zlib/1.2.5 nghttp2/1.12.0 > Safari 9.1.1 (11601.6.17) > Chrome 51.0.2704.106 > Firefox 47.0.1 > > That’s why I don’t think it is a client issue. Yes, at least browsers are expected to support secp384r1, so it's probably something different. Which certificate do you use? Is it the same as on the old server? Such a situation can easily happen if the only certificate available is ECDSA one and uses, e.g., prime256v1 (not secp384r1), but only secp384r1 is enabled by the configuration. Looking into nginx error logs might also somewhat help to diagnose what goes on here. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
