On 2 Oct2013, at 15:08 , Vahan Yerkanian <[email protected]> wrote: > On Oct 2, 2013, at 9:57 AM, justin <[email protected]> wrote: > >> I don't compile nginx, I get it from the official CentOS repo: >> >> [nginx] >> name=nginx repo >> baseurl=http://nginx.org/packages/centos/6/$basearch/ >> gpgcheck=0 >> enabled=1 >> > > That's your problem, that version doesn't support ECDHE.
nginx itself has no ciphers support, it depend on openssl. RHEL/CentOS version of openssl lacks elliptic curve ciphers, it is explicitly striped from rpm (https://bugzilla.redhat.com/show_bug.cgi?id=319901), and ECDHE is unavailable on RHEL/CentOS with default openssl. So either change/rebuild openssl rpm, rebuild nginx with statically linked openssl or use another linux distribution. You could list and check available ciphers by: openssl cipher -v _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
