I installed Nginx and enabled SSL.
server {
server_name vorb.de;
listen 443;
root /var/www/vorb.de/pub;
ssl on;
ssl_certificate cert.pem;
ssl_certificate_key cert.key;
gzip on;
[…]
}
Everything is working so far. The only thing that annoys me is that Chrome shows that the Server is using SSL 3.0 when you click on the lock/https icon. This version of SSL is deprecated (see https://vorb.de). When I visit an error page, everything is OK, since it shows TLS 1.0 being used (see https://vorb.de/non-existing-page). I am running Debian 6 Squeeze, Nginx 0.7.67 and OpenSSL 0.9.8o.
Do you know, why this happens?
I completely reinstalled my system and am using Nginx 1.0.6 now. This worked, but is very time consuming.
I had similar problem, commenting below line helped fixing the error. Final code looked like below -
You can control the versions allowed by the server through the use of the
ssl_ciphers
directive.Something along these lines should get your server allowing TLS connections only:
As to why your browser negotiated different protocols on two different connections, I couldn't tell you.
Adding code between ssl_timeout and ssl_ciphers was enough to get 443 access
Furthermore, in my case the cert used was via openSSL so the connection wasn't necessarily "Secure" but this Did work for me
Credits to for init ssl_protocol workaround @Soman Dubey