Hi,
Did I add or remove the wrong ciphers for http2, and are they in the correct
order? I found plenty of different documents on the Internet. Since mine is
now broken, I should ask here :) Any ideas?
Error message from Chrome:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
My nginx.conf has,
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_session_cache shared:SSL:15m;
ssl_session_timeout 1d;
ssl_session_tickets off;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
The vhost has http2 switched on with TLS 1.2 only:
server {
listen 443 ssl http2;
...
ssl_prefer_server_ciphers On;
ssl_protocols TLSv1.2;
ssl_session_timeout 8m;
ssl_ecdh_curve secp521r1;
…
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;
preload";
add_header Referrer-Policy "no-referrer";
}
Sophie
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
