>> Thanks for the link. Which ssl_ciphers do you use? Which one does
>> openssl show you're using? I have:
>>
>> ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;
>
> To see what openssl is configured to use try:
>
> openssl ciphers

Thank you but I'm most interested in the ciphers which nginx is
configured to use over https.

>> and 'openssl s_client -host HOSTNAME -port 443' shows:
>>
>> Cipher : ECDHE-RSA-AES256-GCM-SHA384
>>
>> I also get "Verify return code: 20 (unable to get local issuer
>> certificate)" from that command but I'm guessing that's OK since I get
>> the same when using www.google.com as the HOSTNAME.
>>
> This means that s_client is not pointed to the correct CApath for your
> machine, or that the server's CA certificate is not in the local CApath.
>
> Try this first:
>
> openssl s_client -CApath /etc/ssl/certs/ -host www.google.com -port 443

It works without error that way, thank you.

- Grant
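
Added example, not part of the original thread and not nginx or OpenSSL project code: nginx passes the `ssl_ciphers` value to OpenSSL, so the suites that string allows can be listed by expanding it with the local OpenSSL cipher-list parser, here through Python's `ssl` module. It assumes Python is linked against the same OpenSSL version as nginx; `expand_cipher_string` and `excluded_suites` are hypothetical helper names.

```python
import ssl

# Cipher string from the ssl_ciphers directive quoted in the thread.
NGINX_SSL_CIPHERS = "ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH"


def expand_cipher_string(cipher_string):
    """Expand an OpenSSL cipher string with the OpenSSL this Python links to.

    Returns (name, protocol, key_exchange) tuples in preference order.
    Hypothetical helper; results match nginx only if it uses the same OpenSSL.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if no suite matches
    suites = []
    for c in ctx.get_ciphers():
        # TLS 1.3 suites are not selected by this string; skip them.
        if c["protocol"] == "TLSv1.3":
            continue
        suites.append((c["name"], c["protocol"], c.get("kea", "?")))
    return suites


def excluded_suites(cipher_string, baseline="ALL"):
    """Names enabled by `baseline` but dropped by `cipher_string`."""
    kept = {name for name, _, _ in expand_cipher_string(cipher_string)}
    return [name for name, _, _ in expand_cipher_string(baseline) if name not in kept]


if __name__ == "__main__":
    for name, proto, kx in expand_cipher_string(NGINX_SSL_CIPHERS):
        print(f"{name:34} {proto:10} {kx}")
    print("dropped vs ALL:", ", ".join(excluded_suites(NGINX_SSL_CIPHERS)))
```

In an OpenSSL cipher string a `!` exclusion is permanent, so suites removed by `!MEDIUM` or `!kEDH` cannot be re-added by a later term in the same string.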