Home / server / Questions / 380727
Accepted
Gajus
Asked: 2012-04-19 06:58:54 +0800 CST

No common encryption algorithm(s) (ssl_error_no_cypher_overlap)

  • 772

My clients are reporting this error. I cannot reproduce it. What's more, I cannot detect any flaws: http://www.digicert.com/ http://www.ssltest.net/ https://www.ssllabs.com/ssldb/ all report dev.anuary.com to have a valid cert. I've Google(ed) for ssl_error_no_cypher_overlap, but none of the threads provided any useful guidance.

Cannot communicate securely with peer: no common encryption algorithm(s)

(Error code: ssl_error_no_cypher_overlap)
ssl openssl

2 Answers

  1. Best Answer

    As it turns out the issue was that:

    Since version 1.0.5, nginx uses “ssl_protocols SSLv3 TLSv1” and “ssl_ciphers HIGH:!aNULL:!MD5” by default

    (http://nginx.org/en/docs/http/configuring_https_servers.html#chains)

    I've added the following to my settings and it works.

    ssl_protocols        SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers          HIGH:!aNULL:!MD5;
    • 3

  2. So, I'm seeing this:

    $ sslscan --no-failed dev.anuary.com
               _
       ___ ___| |___  ___ __ _ _ __
      / __/ __| / __|/ __/ _` | '_ \
      \__ \__ \ \__ \ (_| (_| | | | |
      |___/___/_|___/\___\__,_|_| |_|

              Version 1.8.2
         http://www.titania.co.uk
    Copyright Ian Ventura-Whiting 2009

Testing SSL server dev.anuary.com on port 443

  Supported Server Cipher(s):
    Accepted  TLSv1  256 bits  DHE-RSA-AES256-SHA
    Accepted  TLSv1  256 bits  AES256-SHA
    Accepted  TLSv1  128 bits  DHE-RSA-AES128-SHA
    Accepted  TLSv1  128 bits  AES128-SHA
    Accepted  TLSv1  168 bits  EDH-RSA-DES-CBC3-SHA
    Accepted  TLSv1  168 bits  DES-CBC3-SHA
    Accepted  TLSv1  128 bits  RC4-SHA

  Prefered Server Cipher(s):
    TLSv1  128 bits  RC4-SHA

    Is it possible the client can't do TLSv1?

    • 2