Hello All, I found some strange behavior while troubleshooting a connectivity issue today. Below was the scenario.
* Upstream Backend configured to allow TLSv1.1 and TLSv1.2 * Client (nginx) configured with proxy_ssl_protocols TLSv1 TLSv1.2 No matter the ordering of nginx proxy_ssl_protocols TLSv1 was always attempted first and the handshake would fail. Once I added TLSv1.1 it caused TLSv1.2 to be attempted first which would be successful to the Server. Is this a bug? I always assumed that nginx would default to highest supported protocol outbound; but it seems that "TLSv1 TLSv1.2" might introduce some sort of strange ordering issue. We're using openresty 1.11.2.1.1 which internally uses nginx 1.11.2. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271984,271984#msg-271984 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
