Dear B. R.
It looks like this is a firefox isssue. With chomium 38 and curl and s_client I was able to connect. ########## openssl version -a OpenSSL 1.0.1 14 Mar 2012 built on: Thu Aug 7 13:42:02 UTC 2014 platform: debian-amd64 options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM /usr/sbin/nginx -c /etc/nginx/nginx.conf -V nginx version: nginx/1.7.4 built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6 ldd /usr/sbin/nginx linux-vdso.so.1 => (0x00007fff54dfe000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fdac5938000) libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fdac56ff000) libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007fdac54c1000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fdac5263000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fdac4e88000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fdac4c70000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdac48b1000) /lib64/ld-linux-x86-64.so.2 (0x00007fdac5b63000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdac46ad000) ldd $(which openssl) linux-vdso.so.1 => (0x00007fffdddfe000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fbd557c6000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fbd553eb000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fbd5502b000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fbd54e27000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fbd54c10000) /lib64/ld-linux-x86-64.so.2 (0x00007fbd55a32000) ######### cheers a l Am 16-08-2014 11:53, schrieb B.R.: > Hello, > > The error comes from OpenSSL. > > From its name, I wouldsay the constant being check is one that OpenSSL sets > during handshake. > From its name too, I wouls say this applies to a SSLv3 handshake. OpenSSL has > a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE. > Seems like a bug, possibly related to the (non widespread) use of ECC > certificates. > > Before really calling out for a bug: you say SSLv3 is disabled. Please be > really sure of that. > > Check the OpenSSL library your nginx has been linked against. I suggest you > update that package on your system and retry. > Try balance between sufficiently up-to-date version and avoinding versions > with well-known vulnerabilities. > > Hope I helped, > > --- > B. R. > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx [1] Links: ------ [1] http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
