Hi... On Thu, Aug 25, 2022 at 12:59 PM Sergey Kandaurov wrote: > > > > On 25 Aug 2022, at 00:22, Fabiano Furtado Pessoa Coelho wrote: > > > > Hi... > > > > I'm using NGINX 1.22.0 with OpenSSL 3.0.5 in a Linux x86_64 server > > with one NIC and 2 IPs, with the following config: > > > > [...] > > Why I can't connect with TLS 1.0 or 1.1 on insecure.example.com? > > > > Is this an OpenSSL 3 issue? Does it work with OpenSSL 1.1.1? > > > > TLS 1.0 and 1.1 are de-facto disabled by default in OpenSSL 3.0+. > See for more details: https://trac.nginx.org/nginx/ticket/2250
Hi Sergey... Thanks for the help, but I have tried... "ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:@SECLEVEL=0;" and "ssl_ciphers DEFAULT:@SECLEVEL=0;" but, unfortunately, I still can't connect with TLS 1.0 and 1.1. :( Is there another "ssl_ciphers" where I could try? Thanks again. Fabiano Furtado _______________________________________________ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
