Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all 7229 articles
Browse latest View live
↧

feature request: smtp auth passthrough (no replies)

December 31, 2013, 3:18 am
$
0
0
Hello,

sorry for that beforehand, but yes, I'm another newbie using (or at
least trying to use) NGINX in a mail proxy setup.
I read the wiki entries and docs beforehand... and I thought it just
works like that (passing auth to backend).
So actually I was rather shocked that authentication is not passed to
backend SMTP servers opposed to POP and IMAP backends.
As for our deployment, it would be a pain in the arse to import login
data from our backend servers.

So research a bit and at least I'm not the only one trying to use a
setup like this.

http://mailman.nginx.org/pipermail/nginx/2008-April/004234.html
https://www.ruby-forum.com/topic/1045106
http://mailman.nginx.org/pipermail/nginx/2010-February/019028.html
http://mailman.nginx.org/pipermail/nginx/2010-April/020027.html
http://mailman.nginx.org/pipermail/nginx/2010-November/023555.html
http://mailman.nginx.org/pipermail/nginx-devel/2012-April/002074.html

David Jonas even wrote a patch addressing this issue.
But as we only use official distribution packets, and also his patch is
for a quite old nginx version, that won't work for us.

Hence I kindly ask of you, also in the name of my predecessors and
everyone else looking for a solution like this, to implement a method
for passing smtp login information to the backend server in one of the
next versions.

Best regards and a happy new year!

Michael Both

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧
Search

Hiring a dev: nginx+interchange (1 reply)

December 31, 2013, 10:20 pm
$
0
0
Hello, I use a perl framework called interchange (icdevgroup.org) and
I've been using a perl module called Interchange::Link to interface
interchange to apache:

https://github.com/interchange/interchange/blob/master/dist/src/mod_perl2/Interchange/Link.pm

I'd like to switch from apache to nginx and I need to hire someone to
help me interface interchange to nginx. I don't need the interface to
include all of the features from Interchange::Link.

- Grant

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧
↧

Rewriteing awstats to base path (no replies)

January 1, 2014, 8:44 am
$
0
0
Hi,

I like to beautify my urls used for awstats.

Currently I have to use the following path for awstats
> /cgi-bin/awstats.pl?config=www.example.com
that works as expected.

For easier handling for our users I like to shorten the url to /www.example.com
I tried a simple rewrite like
> rewrite ^/www.example.com$ /cgi-bin/awstats.pl?config=www.example.com;

but I'll get the following error
> 2013/12/31 23:43:20 [error] 23736#0: *1 open() "/srv/awstats/dist/wwwroot/awstats.pl" failed (2: No such file or directory), client: ::ff:123.123.123.123, server: awstats.example.com, request: "GET /awstats.pl?config=www.example.com&framename=mainleft HTTP/1.1", host: "awstats.example.com", referrer: "http://awstats.example.com/www.example.com"

here is the full server block
> server {
> listen [::]:80;
> server_name awstats.example.com awstats7.example.com;
>
> root /srv/awstats/dist/wwwroot;
>
> auth_basic "Restricted";
> auth_basic_user_file /srv/awstats/.htpasswd;
>
> location ~ ^/cgi-bin/awstats\.pl {
> include fastcgi_params;
> fastcgi_pass unix:/var/run/php5-fpm.sock;
> fastcgi_param SCRIPT_FILENAME /srv/awstats/dist/tools/nginx/awstats-fcgi.php;
> fastcgi_param X_SCRIPT_FILENAME $document_root$fastcgi_script_name;
> fastcgi_param X_SCRIPT_NAME $fastcgi_script_name;
> }
>
> rewrite ^/awstats/(.*)$ /cgi-bin/$1;
> rewrite ^/www.example.com$ /cgi-bin/awstats.pl?config=www.example.com;
>
> location = /robots.txt { return 200 "User-agent: *\nDisallow: /\n"; }
> }

Desired url http://awstats.example.com/www.example.com

Probably I didn't fully understand the rewrite rules.

Hopefully you can help!

Best regards
moe

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧

How do i get the request body ? (1 reply)

January 2, 2014, 7:42 pm
$
0
0
Hello guys,

I'm developing a nginx module, the intent is to get the request body, then write some response depends on what request body is.
I've called the method ngx_http_read_client_request_body (r, ngx_http_myModule_handler);

Since this code, i want to get the real request body in ngx_http_myModule_handler()
Here are my codes ...

void ngx_http_myModule_handler(ngx_http_request_t *r)
{
ngx_http_finalize_request(r, NGX_DONE);

if(!(r->request_body->bufs == NULL)){
ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "request is not empty.");

}
}

the questions is , how can i get the r->request_body->bufs to char * ?
↧

nginx rewrite configuration (no replies)

January 2, 2014, 6:28 am
$
0
0
hi! i'm newbie so having a hard time!
I have a question about rewrite configure in nginx!

RULE is http://URL/[option]/http://URL .

I mean...
for example,

if request is http://aaa.net/25X25/http://bbb.net/ccc.jpg ,
rewrite is /25X25/bbb.net.jpg

should i use regular expression?
please help me!

thank you :D
↧
↧

Nginx not starting with named pipe (fifo) for access_log (-1 replies)

January 3, 2014, 2:12 pm
$
0
0
Heya,

there seems to be a issue with Nginx and named pipes (fifo).

Tested nginx versions:
- 1.1.19 (Ubuntu 12.04.3 LTS amd64)
- 1.4.4 (Ubuntu 12.04.3 LTS amd64 with PPA
https://launchpad.net/~nginx/+archive/stable )
- 1.4.4 (CentOS 6.5 amd64 with repo
http://nginx.org/packages/centos/$releasever/$basearch/ )

Issue description:
As soon as a named pipe is defined as access_log, nginx refuses to
start. It just stales during the start and that's it. The only you can
do is kill the process.
The named pipe has been created with: mkfifo -m 0666 /var/log/test.log

I have tested 2 versions of Nginx (1.1.19, 1.4.4) using Ubuntus
repository. Different locations and different permissions of the named
pipe have been tried, didn't help.
Other programs work just fine with the named pipe, only Nginx seems to
refuse it.

Configuration:
--snip--
http {
[...]
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
access_log /var/log/test.log;
[...]
}
--snap--

strace output:
--snip--
[...]
open("/var/log/nginx/access.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 5
fcntl(5, F_SETFD, FD_CLOEXEC) = 0
open("/var/log/nginx/error.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 6
fcntl(6, F_SETFD, FD_CLOEXEC) = 0
open("/var/log/test.log", O_WRONLY|O_CREAT|O_APPEND, 0644
[ CTRL+C ]
--snap--


Did anyone else experience such behavior? I tried searching for it but
couldn't find anything, only people seeming to successfully use named
pipes (eg. in conjunction with syslog-ng).

Cheers,
Sven



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧

dynamic rate limiting per ip (no replies)

January 2, 2014, 12:54 pm
$
0
0
Hello Folks,

i have some setup with multiple server and i offer downloads for the users, in the case my servers bandwidth is overloaded i want the people to be able to start the download but with limited rate so the don't have to wait in some kind of queue till the get there downloadlink. As soon as some slots frees the person highest in the queue download rate should increase to the max.

Any Ideas if this is possible with the limit_rate of the http core module and lua?

If it would be possible to make 2 zone dicts where the ips of the the slow and fast connections are in. And if someone ratelimit is dropped his ip gets removed from the slow dict and added to the fast dict.

https://github.com/chaoslawful/lua-nginx-module#ngxshareddict
↧

OCSP validation of client certificates (no replies)

January 2, 2014, 2:03 pm
$
0
0
Hi Forum,
I see that nGinx supports configuration to perform OCSP validation of server side certificates and staple the validation response to the client. My question is whether nGinx supports OCSP validation of client presented certificates.

I seem to hit a dead end with documentation for that question. Would be helpful if someone could answer this.

Thanks in advance for your time.
↧
Search

How would nginx record client IP address under TCP Multipath? (2 replies)

January 3, 2014, 12:12 am
$
0
0
Hello,

Since iOS7 supports TCP Multipath now, I think more and more devices will
start support it.

But TCP Multipath allows many client IPs connected to the same server,
suppose Nginx in this case, how would access_log record all of the IPs?

Just curious question :)
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧
↧

-rpath linker option? (1 reply)

January 3, 2014, 5:40 am
$
0
0
I'm having trouble with dll hell on Debian and Ubuntu with OpenSSL.
Debian and Ubuntu insist on runtime linking with the copy in /usr/lib.
Fedora and Red Hat are OK because they don't use OpenSSL by default,
so they are not present in /usr/lib.

I've tried specifying a rpath in ld options:

--with-ld-opt="-rpath=$OPENSSL_LIB_DIR -ldl"

That results in:

checking for C compiler ... found
+ using GNU C compiler
checking for --with-ld-opt="-rpath=/usr/local/ssl/lib -ldl" ... not found
./auto/configure: error: the invalid value in
--with-ld-opt="-rpath=/usr/local/ssl/lib -ldl"

The path is valid:

$ ls /usr/local/ssl/lib
engines libcrypto.so libssl.a libssl.so.1.0.0
libcrypto.a libcrypto.so.1.0.0 libssl.so pkgconfig

LD_LIBRARY_PATH and LD_PRELOAD tricks don't work because they are
dropped when running as root.

Any ideas how to proceed?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧

SSL handshake fail between nginx and my tomcat with mutual authentication (no replies)

January 3, 2014, 1:35 am
$
0
0
Hi All,

I am using Nginx 1.4.4 as reverse proxy for my tomcat server. My problem is: SSL handshake failed between Nginx and tomcat with mutual SSL authentication. I have verified that Client to Nginx with mutual SSL is working. But if my upstream backend is also using https:mutual port, the path will fail with error:
[error] 1816#3436: *23 SSL_do_handshake() failed (SSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:SSL alert number 42) while SSL handshaking to upstream, client: xx.xx.xx.xx, server: xx.xxx.xxx.xxx, request: "GET / HTTP/1.1", upstream: "https://xx.xx.xx.xx:8082/", host: "xx.xx.xx.xx:8002"

My upstream server https://xx.xx.xx.xx:8082 is using mutual SSL and working perfectly without Nginx.
the Nginx host https://xx.xx.xx.xx:8002 is using mutual SSL and also working perfectly without the upstream mutual ssl or with only http port.
The problem is: when both Nginx and upstream require mutual SSL, and I would like to pass the client certificate to Nginx then to my upstream server, the SSL handshake error occurs.

I have tried to add client cert in headers, but no luck. Here is part of my nginx config
####
server {
listen xx.xx.xx.xx:8002;
server_name xx.xx.xx.xx;

ssl on;
ssl_certificate C:/nginx-1.4.4/cert/MyServer.crt;
ssl_certificate_key C:/nginx-1.4.4/cert/MyServer.key;

ssl_client_certificate C:/nginx-1.4.4/cert/MyCA.pem;
ssl_trusted_certificate C:/nginx-1.4.4/cert/MyCA.pem;

ssl_prefer_server_ciphers on;
ssl_verify_client on;
ssl_verify_depth 3;
ssl_protocols SSLv2 SSLv3 TLSv1;

access_log C:/nginx-1.4.4/logs/access_8002.log;
error_log C:/nginx-1.4.4/logs/error_8002.log debug;

root html;
index index.html index.htm;

location / {
proxy_pass https://10.128.103.47:8082/;
proxy_redirect default;
proxy_set_header Host $host:$server_port;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Client-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Client-Cert $ssl_client_cert;
proxy_set_header X-SSL-Client-Serial $ssl_client_serial;
proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;

}
}

Is this usage supported by Nginx?
I would be very grateful if someone can point me some clues or suggestions.

Thanks and Best Regards,
Flash008
↧

nginx ssl handshake vs apache (no replies)

January 3, 2014, 6:48 am
$
0
0
Hi
I was watching this video by fastly ceo http://youtu.be/zrSvoQz1GOs?t=24m44s
he talks about the nginx ssl handshake versus apache and comes to the
conclusion that apache was more efficient at mass handshakes due to
nginx blocking while it calls back to openssl

I was hoping to get other people's opinion on this and find out if what
he says is accurate or not

Many thanks
Richard

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧

Does it possible to submit duplicated request with the proxy_next_upstream on (no replies)

January 3, 2014, 7:04 am
$
0
0
Hi all:
I am wondering if I set:
proxy_next_upstream error timeout;
Fox example , if the requested service is a counter , I issue the request use the interface http://example.com/incr . The request is failed on my first host A, then it is passed to the second host B , is the counter likely be added twice ?

thanks .
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧
↧

mainline does not include gzip module? (3 replies)

January 3, 2014, 5:53 pm
$
0
0
i just replaced a stable install with the mainline version (1.5.8) and noticed that the outputted files are not being gzipped.
i ran nginx -V and do not see any arguments that enable gzip.
is there a reason why the stable version included gzip and this mainline does not?
do i need to manually build nginx to include the gzip module?
if so, does that mean i need to rebuild nginx every time there is a new update?
thanks
↧

Very slow dns lookup using proxy_pass (2 replies)

January 3, 2014, 8:11 pm
$
0
0
I am seeing very slow DNS lookup times ( > 2 seconds ) using proxy_pass, even though dig response times on the server are quick. Here is the nginx configuration block:

location ~ ^/v1/(?<url>.*) {
resolver 8.8.4.4 4.4.4.4 valid=300s;
resolver_timeout 10s;
proxy_pass https://$remote_user.mydomain.com/api/;
proxy_hide_header Vary;
proxy_set_header X-Real-IP $remote_addr;
proxy_connect_timeout 10s;
proxy_read_timeout 60s;
proxy_ssl_session_reuse on;
}

I am using Google Public DNS. Here is a result from: dig demo.mydomain.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> demo.mydomain.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37997
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;demo.mydomain.com. IN A

;; ANSWER SECTION:
demo.mydomain.com. 299 IN A X.X.X.X

;; Query time: 187 msec
;; SERVER: 8.8.4.4#53(8.8.4.4)
;; WHEN: Fri Jan 3 19:40:32 2014
;; MSG SIZE rcvd: 50

Any ideas why this is so slow, and solutions?
↧
Search

CentOS Nginx Installer(include PHP-FTP,MYSQL) add website no need restart Nginx (no replies)

January 3, 2014, 10:18 pm
$
0
0
Some of our clients are not good at SSH command, they just want an easy way to run their websites. Most of them are less then 1GB memory VPS and don't want install control panel.

For this purpose, we wrote a CentOS Nginx Installer script for "Nginx+PHP+MySql+phpMyAdmin"

What's you need to do is: Copy and post/run below single command line via SSH root login. wait 5-15 minutes(depending on the software download speed from your server), Everything is Done!

############ Automatically install command line ############


wget -O /tmp/npmp.sh https://raw.github.com/ComfortVPS/Nginx-PHP-MySql-phpMyAdmin/master/install-nginx-php-mysql.sh; sh /tmp/npmp.sh;


############ Installation Requirement ############

CentOS 5.x/6.x 32bit or 64bit ( We recommend you Reload OS before run the installer )

Guarantee Memory >= 128MB

Free Disk space >=2GB


############ Fetures ############


You can add multiple websites directly via SFTP, no need to login SSH, no need to restart Nginx

You can easily custom config each website domain's Nginx config file if you need

Installed the newest stable version of Nginx, PHP-FPM, MySql by YUM

phpMyAdmin4.x installed and ready for use. Just login and manage mysql database as you want

Work perfectly for low memory VPS with ram >= 128MB

Many tutorials for how to use

Get your password after everything installed

Your SSH console screen will show something like below after successfully installed, Please record your password. The unique password was random generated by openssl, no need to change.


############ Information you will get after installation (below is an example) ############


====== Nginx + PHP-FPM + MYSQL Successfully installed
====== MySql root password is cft.KL7fvW2g
====== SFTP Username is myweb
====== SFTP Password is cft.KL7fvW2g
====== Website document root is /www/yourdomain

====== Add websites tutorials: http://goo.gl/sdDF9
====== Now you can visit http://your-ip-address/

====== Eg. http://50.3.62.173/
====== phpMyAdmin: http://50.3.62.173/phpMyAdmin4U/

====== More tutorials: http://goo.gl/tNFb0


############ How to add multiple websites via SFTP ? ############


Step 1, Create a domain name directory under /www via SFTP, eg, yourdomain.com, subdomain.abc.com, domain-name.net

Step 2, Everything is Done, Config Nginx virtual host is finish, upload your php/html files to that directory then test it.



############ More tutorials ############

http://goo.gl/tNFb0

We will continue to write more tutorials for how to use it.
↧

issue with `default_type` & `type` on 1.5.7 (no replies)

January 5, 2014, 5:14 am
$
0
0
I recently encountered an issue with a 1.5.7 branch on OSX. i did not check 1.5.8

The following code will set ALL css/js files as the default_type

include /usr/local/nginx/conf/mime.types;
default_type application/octet-stream;


The following code works as intended

default_type application/octet-stream;
include /usr/local/nginx/conf/mime.types;

I haven't had time to test on other versions.

This could be the intended behavior, but the docs don't suggest that. usually a default_type only applies when the real type can't be found.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧
↧

OT: Crypto Hardening Guide (nginx has an entry) (no replies)

January 5, 2014, 5:14 am
$
0
0
For administrators interested in SSL/TLS protocols and ciphers
settings, the following may be useful. It also looks like the
[possibly influenced] US stuff was removed.

https://bettercrypto.org/static/applied-crypto-hardening.pdf

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧

agentzh's encrypted session module (no replies)

January 5, 2014, 5:20 am
$
0
0
I've been studying agentzh's encrypted session module from
https://github.com/agentzh/encrypted-session-nginx-module/tree/master/src.

There are essentially two methods: one to encrypt values, and a second
to decrypt modules. The functions to do so are
ngx_http_set_encode_encrypted_session and
ngx_http_set_decode_encrypted_session. The functions call
ngx_http_encrypted_session_aes_mac_encrypt and
ngx_http_encrypted_session_aes_mac_decrypt respectively.

The problem I am having is: I cannot tell how this is plumbed into
nginx framework such that a value is encrypted going one way, and
decrypted going another. From the module, I clearly see the command:


Can anyone shed some light on the magic I am missing?

Thanks in advance.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧

Centos 6.5 and ECDH ciphers in nginx.org Centos repo (4 replies)

January 6, 2014, 4:56 am
$
0
0
Hi

In Centos 6.5 (and RHEL 6.5) the ECDH ciphers were enabled. There appears to be an issue with the nginx.org 1.5.8 Centos binaries still not having support for ECDHE despite having updated openssl 1.01e with elliptic curves.

If I compile from source, ECDH works fine. Is there something wrong with the centos binaries?

Ciphers on Centos 6.5:

[nick@dev9145 conf.d]$ openssl ciphers
ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-DSS-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-DSS-CAMELLIA256-SHA:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES256-SHA:AES256-GCM-SHA384:AES256-SHA256:AES256-SHA:CAMELLIA256-SHA:PSK-AES256-CBC-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-DES-CBC3-SHA:DES-CBC3-SHA:PSK-3DES-EDE-CBC-SHA:KRB5-DES-CBC3-SHA:KRB5-DES-CBC3-MD5:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA:DHE-RSA-SEED-SHA:DHE-DSS-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-DSS-CAMELLIA128-SHA:ECDH-RSA-AES128-GCM-SHA256:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDH-RSA-AES128-SHA:ECDH-ECDSA-AES128-SHA:AES128-GCM-SHA256:AES128-SHA256:AES128-SHA:SEED-SHA:CAMELLIA128-SHA:IDEA-CBC-SHA:PSK-AES128-CBC-SHA:KRB5-IDEA-CBC-SHA:KRB5-IDEA-CBC-MD5:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:RC4-SHA:RC4-MD5:PSK-RC4-SHA:KRB5-RC4-SHA:KRB5-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:KRB5-DES-CBC-SHA:KRB5-DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-KRB5-RC2-CBC-SHA:EXP-KRB5-DES-CBC-SHA:EXP-KRB5-RC2-CBC-MD5:EXP-KRB5-DES-CBC-MD5:EXP-RC4-MD5:EXP-KRB5-RC4-SHA:EXP-KRB5-RC4-MD5

ECDHE test:
openssl s_client -tls1_2 -cipher ECDH -connect 127.0.0.1:443
CONNECTED(00000003)
139798957754184:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1256:SSL alert number 40
139798957754184:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:596:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
…


Thanks
-Nick
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
↧
Viewing all 7229 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>