On Mon, Aug 15, 2016 at 3:04 PM, Lukas Tribus <luky...@hotmail.com> wrote:
> > For that I need to disable forward secrecy (since it is only a test
> > environment security is not an issue)
> >
> > So I changed the "ssl_ciphers" in my /sites-enabled/default file from:
> >
> > ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
> > into
> > ssl_ciphers "AES128-SHA";
>
> This cannot work, HTTP/2.0 only allows certain ciphers [3]. The fact that
> it works in Apache means Apache violates the RFC.
>
> Also see nginx manual [4].
>

That is a wrong assumption and an inadequate blame on Apache.

The list you are mentioning and which is directly linked in the nginx example you referenced (RFC 7540, Appendix A <https://tools.ietf.org/html/rfc7540#appendix-A>) uses the MAY keyword, defined as 'truly optional'.
nginx has made the choice of strictly following RFC advice, but technologies that don't do so commit no violation *per se*.

> [3] http://http2.github.io/http2-spec/#TLSUsage
> [4] http://nginx.org/en/docs/http/ngx_http_v2_module.html#example

Thus, this configuration *can* work and the problem is definitely elsewhere (cf. Valentin's message for example).
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
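
An added example, not part of the thread or of nginx: a small audit that expands an `ssl_ciphers` value with the local OpenSSL build and flags every suite matching the two properties RFC 7540 Appendix A gives for its list (no ephemeral key exchange, or a non-AEAD cipher), which an HTTP/2 peer is permitted to reject with INADEQUATE_SECURITY. The sample config and the function names are constructed for illustration; the result depends on the OpenSSL version Python is linked against.

```python
import re
import ssl

# Constructed sample: the directive as changed in the thread.
SAMPLE_CONF = '''
server {
    listen 443 ssl http2;
    ssl_ciphers "AES128-SHA";
}
'''

def cipher_strings(conf_text):
    """Return the value of every active ssl_ciphers directive in nginx config text."""
    return re.findall(r'^\s*ssl_ciphers\s+"?([^";]+)"?\s*;', conf_text, re.M)

def h2_issues(cipher):
    """Reasons a suite (a dict from SSLContext.get_ciphers()) matches the
    properties RFC 7540 Appendix A gives for its list; empty if none."""
    issues = []
    kea = cipher.get("kea") or ""
    # kx-ecdhe / kx-dhe are ephemeral; kx-any marks TLS 1.3 suites.
    if "dhe" not in kea and kea != "kx-any":
        issues.append("no ephemeral key exchange")
    if not cipher.get("aead"):
        issues.append("not an AEAD cipher")
    return issues

def audit(cipher_string):
    """Expand an OpenSSL cipher string with the local OpenSSL build and map
    each enabled suite name to its list of issues."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return {c["name"]: h2_issues(c) for c in ctx.get_ciphers()}

if __name__ == "__main__":
    for value in cipher_strings(SAMPLE_CONF):
        for name, issues in audit(value).items():
            print(f"{name:32} {'; '.join(issues) or 'ok for HTTP/2'}")
```

TLS 1.3 suites that OpenSSL always enables appear in the output as well; they are AEAD-only and sit outside the TLS 1.2 list.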