Testing is currently being done on CentOS 5.2. I installed CURL:

[root@nginx-test nginx]# curl --version
curl 7.37.1 (x86_64-unknown-linux-gnu) libcurl/7.37.1
=========================================

If ssl_protocols is TSLv1 or lower, everything is OK and the connection works:
==================================================================
[root@nginx-test nginx]# openssl s_client -host nginx-test -port 443
CONNECTED(00000003)
depth=1 C = RU, ST = RO, L = Rostov-on-Don, O = IT, OU = admin, CN = rootCA, emailAddress = [email protected]
verify return:1
depth=0 C = RU, ST = RO, L = Rostov-on-Don, O = IT, OU = admin, CN = serverCert, emailAddress = [email protected]
verify return:1
---
Certificate chain
 0 s:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=serverCert/[email protected]
   i:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/[email protected]
 1 s:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/[email protected]
   i:/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/[email protected]
---
Server certificate
subject=/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=serverCert/[email protected]
issuer=/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/[email protected]
---
Acceptable client certificate CA names
/C=RU/ST=RO/L=Rostov-on-Don/O=IT/OU=admin/CN=rootCA/[email protected]
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 2051 bytes and written 513 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 56098C9259B6B7791C769AC0923D370B31C0D001D337006698BC200E8A773D60
    Session-ID-ctx:
    Master-Key: 6ACBB550AEE71E4152924A3273CC458305F3909A7DC656B9C4AB66210A41939E1A3E349CD81ACD7C919727E3973B2156
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1407416980
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
==================================================================

Opera and IE also work fine with the site. Chrome's problems are its own problems, and I will write to their support if it comes to that. Although I did try both with the named site and with requests made directly by IP.

But if ssl_protocols is TSLv1.1 or higher, then:
==================================================================
[root@nginx-test nginx]# openssl s_client -host nginx-test -port 443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 303 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
==================================================================

Posted at Nginx Forum: http://forum.nginx.org/read.php?21,252280,252385#msg-252385
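
Added example, not part of the original post: a small Python parser for the summary lines of `openssl s_client` output, run over trimmed copies of the two transcripts above, that separates a completed handshake from a reset and flags legacy parameters. The function name, the finding labels and the 2048-bit threshold are assumptions of this example.

```python
import re

# Summary lines copied from the two s_client runs in the post (trimmed).
OK_RUN = """CONNECTED(00000003)
Server Temp Key: DH, 1024 bits
SSL handshake has read 2051 bytes and written 513 bytes
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
SSL-Session:
    Protocol  : TLSv1
    Verify return code: 0 (ok)
"""
FAILED_RUN = """CONNECTED(00000003)
write:errno=104
no peer certificate available
SSL handshake has read 0 bytes and written 303 bytes
New, (NONE), Cipher is (NONE)
"""

LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # deprecated by RFC 7568 / RFC 8996
MIN_BITS = 2048                         # assumed policy threshold for RSA and DH

def summarize(text):
    """Extract handshake facts from s_client output and list findings."""
    def grab(pattern, cast=str):
        m = re.search(pattern, text, re.M)
        return cast(m.group(1)) if m else None
    info = {
        "read_bytes": grab(r"handshake has read (\d+) bytes", int),
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": grab(r"Cipher is (\S+)"),
        "server_key_bits": grab(r"Server public key is (\d+) bit", int),
        "dh_bits": grab(r"Server Temp Key: DH, (\d+) bits", int),
        "errno": grab(r"^write:errno=(\d+)", int),
    }
    info["handshake_ok"] = bool(info["read_bytes"]) and info["cipher"] not in (None, "(NONE)")
    findings = info["findings"] = []
    if not info["handshake_ok"]:
        if info["read_bytes"] == 0:
            findings.append("no-server-reply")    # peer sent no handshake bytes at all
        if info["errno"] == 104:
            findings.append("connection-reset")   # errno 104 is ECONNRESET on Linux
        return info
    if info["protocol"] in LEGACY:
        findings.append("legacy-protocol:" + info["protocol"])
    for key, label in (("server_key_bits", "weak-server-key"), ("dh_bits", "weak-dh-params")):
        if info[key] is not None and info[key] < MIN_BITS:
            findings.append(f"{label}:{info[key]}")
    return info
```
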
