maybe you ask the person who creates the packages how nginx was build, which
openssl-version applies etc pp.
can you execute "openssl version" on the server nginx runs on?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243341,243351#msg-243351
_
I don't compile nginx, I get it from the official CentOS repo:
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/centos/6/$basearch/
gpgcheck=0
enabled=1
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243341,243350#msg-243350
___
ngi
how did you compiled nginx, with openssl-sources via
--with-openssl=/path/to/sources ?
i could imagine that, if not, your (outdated) distros openssl-dev might be
used.
i have this issue when compiling nginx on debian; i have to download openssl
and
point nginx where to find the sources
but since
hmm, looks like some mismatch: in yoiur config you define ECDH, but in your
screenshot
i see DH configured (please compare your screenshot with the ssllabs-link i
provided, esp.
the cipher-suites/handshake - part.
should be:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 30
Comparing the result from makepw.com and my site, I am missing the following
cipher suites:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH 256 bits (eq. 3072
bits RSA) FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH 256 bits (eq. 3072
bits RSA) FS 128
TLS_ECDHE_RSA_WITH_A
Sucks the forum software cutting of the cipher list string, here is what I
am using in a gist:
https://gist.github.com/nodesocket/8d4cc41c91466ae17b80
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243341,243346#msg-243346
___
nginx mailing
I tried what was recommended by
(http://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#perfect-forward-secrecy):
But still missing: IE 11 / Win 8.1 (FAIL)
IE 8-10 / Win 7 (NO FS)
IE 7 / Vista (NO FS)
Here is my exact config:
ssl_prefer_se
btw, check the following for a reference for PFS-setup:
https://www.ssllabs.com/ssltest/analyze.html?d=makepw.com
ssl-settings are:
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers
EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECD
Hi justin,
> even though I am using all the recommend settings.
which recommended settings? recommended by whom?
i learned that, from ssllabs-view, only the cipher-suites recommended by
ivan ristic seem to work:
http://www.mare-system.de/guide-to-nginx-ssl-spdy-hsts/#perfect-forward-secrecy
all
what is your problem then?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,243340,243342#msg-243342
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On ssllabs.com I am getting the following, even though I am using all the
recommend settings.
http://i.imgur.com/TlsKMzP.png
Here are my nginx settings:
ssl_prefer_server_ciphers on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SH
Hi,
My domain.com is on ip: x.x.x.x
where I have a configuration like:
server {
server_name sub.domain.com;
location / {
proxy_pass http://y.y.y.y;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded
On 1 October 2013 22:57, Ian Hobson wrote:
> On 01/10/2013 20:36, Jonathan Matthews wrote:
>
> To be fair, chap, you're the one who has access to the log files! What
> do *they* say?
>
> They tell me nothing new.
You get a 500 in your *access* log and a simultaneous entry in your
*error* log does
On Tue, 2013-10-01 at 22:57 +0100, Ian Hobson wrote:
> On 01/10/2013 20:36, Jonathan Matthews wrote:
>
> > To be fair, chap, you're the one who has access to the log files! What
> > do *they* say?
> They tell me nothing new.
>
> When I change a static file, I get a 500 error on the next static f
On 01/10/2013 20:36, Jonathan Matthews wrote:
To be fair, chap, you're the one who has access to the log files! What
do*they* say?
They tell me nothing new.
When I change a static file, I get a 500 error on the next static file I
request - even if it is not the file I have changed.
Sometime
On 1 October 2013 17:52, Ian Hobson wrote:
> Hi All,
>
> I have an nginx install with the configuration below.
>
> The server is a linux VM running under Virtual Box on my windows machine.
> The website / directory is made available as a sharename using Samba, which
> I connect to from Windows, so
Hello Nginx users,
Now available: Nginx 1.5.6 for Windows http://goo.gl/Bffumh (32-bit and
64-bit versions)
These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.
Announcements are also availab
Hi All,
I have an nginx install with the configuration below.
The server is a linux VM running under Virtual Box on my windows
machine. The website / directory is made available as a sharename using
Samba, which I connect to from Windows, so I can edit the files. I edit
in windows, using fami
Hi!
I have seen this question has been asked before in the list, but
unfortunately there haven't been any answers, so let's see if I have
more luck :)
In can successfully upgrade the nginx binary on the fly as documented here:
http://wiki.nginx.org/CommandLine#Upgrading_To_a_New_Binary_On_The
On Tuesday 01 October 2013 11:12:41 Grant wrote:
> >> It works if I specify the full path for the alias. What is the
> >> difference between alias and root? I have root specified outside of
> >> the server block and I thought I could use alias to avoid specifying
> >> the full path again.
> >
>
Changes with nginx 1.5.6 01 Oct 2013
*) Feature: the "fastcgi_buffering" directive.
*) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers"
directives.
Thanks to Piotr Sikora.
*) Feature: optimization of SSL handshakes when
On Sunday 29 September 2013 23:20:35 B.R. wrote:
[...]
> For
>
> what you wish to do, you might try the following:
>
> set $rootDir /var/www/localhost/htdocs
> root $rootDir/;
> location / {
> alias $rootDir/webalizer/;
> }
>
> alias is meant for exceptional overload of root in a location
Seems I'm answering my own question but it leads to another. This is not
really an issue with CHROME the problem is that I had fiddler running while
I was trying to bring up my app. So it is actually fiddler that causes the
errors. I also have issues with IE when I'm running fiddler jsut didn't
I am receiving 'peer closed connection in SSL handshake (104: Connection
reset by peer) while SSL handshaking, client: 168.166.124.xxx, server:
54.225.xx.xx'
When I try to access an application through my nginx reverse proxy using
CHROME. IE seems to work but Chrome recieves this error everytime.
I have decided to release an in-house module that I have been using for my
hosting company. A full explanation of the goals of the module is available
in the README.
https://github.com/aschlosberg/ngx-shared-env
I am well aware that this module introduces (minor) additional per-request
overheads.
>> It works if I specify the full path for the alias. What is the
>> difference between alias and root? I have root specified outside of
>> the server block and I thought I could use alias to avoid specifying
>> the full path again.
>
> http://nginx.org/en/docs/http/ngx_http_core_module.html#alia
26 matches
Mail list logo