Scott Larson Wrote: ------------------------------------------------------- > Something else must be going on here. Looking at your ssl_cipher > string, you're opening with a rough declaration of specific ciphers > you'll > support, none of which should pull in RC4. It's specific enough in > fact > that your subsequent excluded ciphers don't even come into play. To > test > this I switched in my old RSA cert, rebuilt 1.7.6 against OpenSSL > 1.0.1j,
Which is why I said try 101j, between 101e and j there are big differences when it comes to invalid fallbacks. Not even mentioning using 101e is asking to be hacked. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,254028,254092#msg-254092 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
