>> I can probably dump a lot of apache config. I still need SSL on both
>> servers even though only nginx faces the user?
>
> You don't need SSL at both. Only nginx is enough.
> But to ensure nginx performs well at SSL, follow this - http://matt.io/entry/ur

Thanks for the link. Which ssl_ciphers do you use? Which one does
openssl show you're using? I have:

ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!MEDIUM:!LOW:!EXP:!kEDH:RC4+RSA:+HIGH;

and 'openssl s_client -host HOSTNAME -port 443' shows:

Cipher : ECDHE-RSA-AES256-GCM-SHA384

I also get "Verify return code: 20 (unable to get local issuer
certificate)" from that command but I'm guessing that's OK since I get
the same when using www.google.com as the HOSTNAME.

- Grant
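
An added example, not part of the original thread: a shell helper that reads `openssl s_client` output like the lines quoted above and reports what the negotiated cipher provides and what the verify code means. The sample input is constructed, and the function names and category labels are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of the session summary `openssl s_client` prints; the
# Cipher and Verify values are the ones quoted in the message above.
sample_output() {
cat <<'EOF'
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# Print the value of the first "Name : value" line on stdin.
field() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*:[[:space:]]*//p" | head -n 1
}

# Classify an OpenSSL cipher name: key exchange, then bulk encryption.
# TLS_* covers TLS 1.3 suite names, which always use ephemeral key exchange.
classify_cipher() {
    case "$1" in
        TLS_*|ECDHE-*|DHE-*) kx="forward-secret" ;;
        *)                   kx="static-key-exchange" ;;
    esac
    case "$1" in
        *GCM*|*CHACHA20*|*CCM*)   enc="aead" ;;
        *RC4*|*DES*|*NULL*|EXP-*) enc="weak" ;;
        *)                        enc="cbc-or-other" ;;
    esac
    echo "$kx $enc"
}

# Map the numeric X.509 verify code (labels are this example's own).
verify_status() {
    case "${1%% *}" in
        0)     echo "chain-verified" ;;
        10)    echo "certificate-expired" ;;
        18|19) echo "self-signed-in-chain" ;;
        20|21) echo "issuer-not-found-by-client" ;;
        *)     echo "verify-failed-${1%% *}" ;;
    esac
}

summarize() {
    out=$(cat)
    cipher=$(printf '%s\n' "$out" | field 'Cipher')
    verify=$(printf '%s\n' "$out" | field 'Verify return code')
    echo "cipher=$cipher $(classify_cipher "$cipher") verify=$(verify_status "$verify")"
}

sample_output | summarize
```

Against a live server, pipe `openssl s_client -host HOSTNAME -port 443 </dev/null 2>/dev/null` into `summarize` instead of the sample.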