Hello!

On Wed, Aug 14, 2013 at 06:56:32AM -0400, MKl wrote:

> Hello,
>
> to increase security of SSL I added some elliptic-curves-ciphers to the
> chain. For HTTPS it's working fine, but for the mail proxy it does not work,
> I only always get RC4-SHA instead of the ECDH ciphers.
> See configuration at the end of this message.
>
> I'm testing it with:
> openssl s_client -cipher 'ECDH:DH' -connect domain.de:443
> openssl s_client -cipher 'ECDH:DH' -connect imap.domain.de:993
>
> The first command gives me a successful connection with ECDHE-RSA-RC4-SHA,
> so for HTTPS the cipherlist is used. The second command fails with an error:
> "sslv3 alert handshake failure", the IMAPS server does not provide ECDH
> support. I used exactly the same ssl_cipher line for HTTPS and the mail
> proxy.
>
> When using the following command without forcing any ciphers on the client I
> can see that RC4-SHA is the "best" cipher that is supported and used:
> openssl s_client -connect imap.domain.de:993
>
> Anybody has an idea where the problem is?

Looks like the problem fixed by this changeset:

http://trac.nginx.org/nginx/changeset/32fe021911c9/nginx

Should work fine in nginx 1.5.1+.

[...]

--
Maxim Dounin
http://nginx.org/en/donation.html
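
Added example (not part of the original thread and not nginx project code): a small shell filter that reads `openssl s_client` output and reports the negotiated cipher and its key-exchange class, so the HTTPS and IMAPS listeners can be compared after an upgrade. The function name and the three sample transcripts are constructed for illustration; the TLS 1.3 case goes beyond what the thread covers.

```shell
#!/bin/sh
# Reads `openssl s_client` output on stdin and prints "<cipher> <class>":
#   ECDHE / DHE = ephemeral key exchange (forward secrecy)
#   TLS13       = TLS 1.3 suite (key exchange is always ephemeral)
#   STATIC      = no forward secrecy (e.g. RC4-SHA uses RSA key transport)
#   FAILED      = no cipher negotiated (e.g. "alert handshake failure")
classify_handshake() {
    awk '
        # s_client summary line: "New, <protocol>, Cipher is <name>"
        /Cipher is / { cipher = $NF }
        END {
            if (cipher == "" || cipher == "(NONE)") { print "(NONE) FAILED"; exit }
            if (cipher ~ /^ECDHE-/)           kx = "ECDHE"
            else if (cipher ~ /^(DHE|EDH)-/)  kx = "DHE"
            else if (cipher ~ /^TLS_/)        kx = "TLS13"
            else                              kx = "STATIC"
            print cipher, kx
        }'
}

# Constructed sample transcripts matching the three results in the thread.
sample_https() { cat <<'EOF'
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-RC4-SHA
EOF
}
sample_imaps_forced() { cat <<'EOF'
CONNECTED(00000003)
error:(constructed):SSL routines:(constructed):sslv3 alert handshake failure
New, (NONE), Cipher is (NONE)
EOF
}
sample_imaps_default() { cat <<'EOF'
CONNECTED(00000003)
New, TLSv1/SSLv3, Cipher is RC4-SHA
EOF
}

for s in sample_https sample_imaps_forced sample_imaps_default; do
    printf '%-22s %s\n' "$s" "$($s | classify_handshake)"
done

# Against a live listener (commands from the thread; stdin closed so
# s_client exits after the handshake):
#   openssl s_client -cipher 'ECDH:DH' -connect imap.domain.de:993 \
#       </dev/null 2>&1 | classify_handshake
```

A STATIC or FAILED result on port 993 alongside ECDHE on port 443 reproduces the mismatch reported above.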