Nginx [nginx-announce] nginx-1.15.4

Discussion in 'Nginx and PHP-FPM news & discussions' started by eva2000, Sep 26, 2018.

  1. rdan

    rdan Well-Known Member

    Other sites using OpenSSL 1.1.1 + TLS 1.3 + a pure ECC certificate work perfectly fine.

     
  2. eva2000

    eva2000 Administrator Staff Member

    Other sites on the same server or a different server? Weird.
     
  3. rdan

    rdan Well-Known Member

    :D (y)
     
  4. eva2000

    eva2000 Administrator Staff Member

    99% sure it's visitors' anti-virus programs not supporting TLS 1.3 properly, as they MITM-scan HTTPS connections: "Not able to visit a lot of HTTPS websites ERR_SSL_VERSION_INTERFERENCE [merged]"

     
  5. buik

    buik “The best traveler is one without a camera.”

    D-day! Chrome 70 with TLS 1.3 RFC support. 24 hours or less and counting.
     
  6. rdan

    rdan Well-Known Member

    Deployed again for the last 10 hours and no one complains anymore.
    Nginx 1.15.5 + OpenSSL 1.1.1 + TLS 1.3.

    The only change vs. last week was that I offered both ECC and RSA.
    Now I only serve an RSA cert.
     
  7. Akansha

    Akansha New Member

    We are using nginx 1.15.6 and we have enabled TLS 1.3 and also enabled early data using the following directives in our nginx configuration file.
    ssl_early_data on;
    proxy_set_header Early-Data $ssl_early_data;


    But it is showing that early data was not sent.
    We are getting the following:
    Code:
    ---
    No client certificate CA names sent
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 367 bytes and written 1349 bytes
    Verification: OK
    ---
    Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    ---
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
        Protocol  : TLSv1.3
        Cipher    : TLS_AES_256_GCM_SHA384
        Session-ID: 2B26FE64F5BDA3986B4E754B1A1C981C4F32F8619997DD8F022476E91E606F9A
        Session-ID-ctx:
        Resumption PSK: C2740B4CEEED78B5FDEBBE43104BF20016B544BEB09792509B0E647D7CCE3789B7D6769945535CCDE0BA5FF443FA9BEC
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 3600 (seconds)
        TLS session ticket:
        0000 - c2 6e 0c c7 f4 95 69 c7-09 87 7c f8 39 f7 a7 bb   .n....i...|.9...
        0010 - 4e d2 ce 82 de 2f bf ac-6d ad 20 72 0e be 16 0c   N..../..m. r....
        0020 - 3f e6 43 c8 bf 4e 05 bc-94 2e 17 b4 99 8a 1d d9   ?.C..N..........
        0030 - 0f 58 e4 dc 79 08 72 14-74 5d 3f 16 09 d7 82 33   .X..y.r.t]?....3
        0040 - b3 27 b4 c7 7d 73 e8 73-24 fb f6 a6 c3 1e 94 e2   .'..}s.s$.......
        0050 - 33 84 59 5b 9d 7c c4 fe-36 45 e4 9d cc 05 20 e7   3.Y[.|..6E.... .
        0060 - ba 48 42 83 88 0e 27 92-30 19 19 67 80 63 c7 31   .HB...'.0..g.c.1
        0070 - ab e5 19 fb ff 87 c2 c6-9e b2 9c 0c be cc 32 28   ..............2(
        0080 - ee d6 85 65 1e 47 bb 2a-61 69 96 b0 52 b1 b2 93   ...e.G.*ai..R...
        0090 - 09 d5 f6 27 c5 b7 bc f5-70 b3 22 df 2a c4 f8 51   ...'....p.".*..Q
        00a0 - 7f 3a 02 c5 82 f6 43 49-4f 9c 2f e3 7c 2e 03 ab   .:....CIO./.|...
        00b0 - 7d 5a ca 37 67 04 7f b9-8f e3 7e ee e3 32 a8 f6   }Z.7g.....~..2..
        00c0 - 60 af 7c 19 10 c5 24 52-11 23 c0 2e 36 39 0a 69   `.|...$R.#..69.i
        00d0 - 18 08 cb 49 c3 73 4b c8-c4 4e bc 57 33 c6 9d 8e   ...I.sK..N.W3...
        00e0 - de dd 17 ec 5e 30 44 a0-7a 94 18 e5 55 8f 0b 0a   ....^0D.z...U...
    
        Start Time: 1545297256
        Timeout   : 7200 (sec)
        Verify return code: 0 (ok)
        Extended master secret: no
        Max Early Data: 16384
    ---
    read R BLOCK
    
    Where am I going wrong?
    Any help will be appreciated.
     
  8. eva2000

    eva2000 Administrator Staff Member

  9. Akansha

    Akansha New Member


    Yes, we did. But it is showing the following result.

    Code:
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 0 bytes
    Verification: OK
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was not sent
    Verify return code: 0 (ok)
    
     
  10. eva2000

    eva2000 Administrator Staff Member

    Just tested and not having any problems on 123.09beta01 with test domain http2.domain.com.

    Created /tmp/https.txt with contents:
    Code (Text):
    GET / HTTP/1.1
    Host: http2.domain.com:443
    

    Add to the /usr/local/nginx/conf/conf.d/http2.domain.com.ssl.conf vhost; place the directives above the web root location /:
    Code (Text):
      ssl_early_data on;
      proxy_set_header Early-Data $ssl_early_data;
    
      location / {
      include /usr/local/nginx/conf/503include-only.conf;
    

    Save the HTTP/2 HTTPS session:
    Code (Text):
    /opt/openssl/bin/openssl s_client -connect http2.domain.com:443 -sess_out session.pem
    

    Replay the saved session for HTTP/2 HTTPS early data (TLS 1.3 0-RTT):
    Code (Text):
    echo -n | /opt/openssl/bin/openssl s_client -connect http2.domain.com:443 -sess_in session.pem -early_data /tmp/https.txt
    
    ---
    SSL handshake has read 245 bytes and written 779 bytes
    Verification error: self signed certificate
    ---
    Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    Server public key is 256 bit
    Secure Renegotiation IS NOT supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    Early data was accepted
    Verify return code: 18 (self signed certificate)
    ---
    ---
    Post-Handshake New Session Ticket arrived:
    SSL-Session:
        Protocol  : TLSv1.3
        Cipher    : TLS_AES_256_GCM_SHA384
        Session-ID: 6D5050A7F4FCD05B9E01EAE97C1ACB73C5237EF455982BC3878DA9D4F70D6F34
        Session-ID-ctx: 
        Resumption PSK: 0CD983646EFF898629BB929C5048611F11C6CF90E133CAF666590FAD1FEFA38D5DADF5B37239F25BB1C58381AF372BA7
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 3600 (seconds)
        TLS session ticket:
    
        Start Time: 1545305699
        Timeout   : 7200 (sec)
        Verify return code: 18 (self signed certificate)
        Extended master secret: no
        Max Early Data: 16384
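The two-step procedure above (save a session with `-sess_out`, replay it with `-sess_in` and `-early_data`) is the only way `openssl s_client` will send 0-RTT data: a session ticket advertising `Max Early Data: 16384` is not enough on its own, the replay must be asked to send a request as early data, and "Early data was accepted" in the replay output is the line that confirms the server took it. The following is an added example that automates that check and parses the result; it is not Centmin Mod's or the thread's own code. It assumes an OpenSSL 1.1.1 or newer binary at the thread's `/opt/openssl/bin/openssl` path (adjust `OPENSSL`) and a host that issues TLS 1.3 session tickets; the `-ign_eof` plus `Connection: close` trick used to keep the first connection open until the post-handshake ticket arrives is an assumption about the server closing after the response. The parser is exercised offline on output lines copied from posts 7 and 10.

```python
"""Drive the thread's 0-RTT check (save a TLS 1.3 session, replay it with
-sess_in/-early_data) and parse what `openssl s_client` reports. Added example,
not the thread's or Centmin Mod's code; OPENSSL path and the -ign_eof approach
to receiving the post-handshake ticket are assumptions."""
import re
import subprocess
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

OPENSSL = "/opt/openssl/bin/openssl"  # path used in the thread; use "openssl" if it is on PATH

# Output excerpts copied from the thread: post 7 (session resumed, no early data
# sent) and post 10 (early data accepted).
POST7_OUTPUT = """\
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Early data was not sent
Verify return code: 0 (ok)
    Max Early Data: 16384
"""
POST10_OUTPUT = """\
Reused, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 256 bit
Early data was accepted
Verify return code: 18 (self signed certificate)
    Max Early Data: 16384
"""


@dataclass
class EarlyDataResult:
    protocol: Optional[str]        # "TLSv1.3" when the handshake negotiated TLS 1.3
    reused: bool                   # True when s_client resumed the -sess_in session
    early_data: Optional[str]      # s_client wording: "accepted", "not sent", "rejected", ...
    max_early_data: Optional[int]  # limit advertised in the server's session ticket


def parse_s_client(output: str) -> EarlyDataResult:
    """Extract the fields that decide whether 0-RTT actually happened."""
    m = re.search(r"^(New|Reused), (TLSv[\d.]+), Cipher is", output, re.M)
    e = re.search(r"^Early data was (.+)$", output, re.M)
    x = re.search(r"Max Early Data:\s*(\d+)", output)
    return EarlyDataResult(
        protocol=m.group(2) if m else None,
        reused=bool(m) and m.group(1) == "Reused",
        early_data=e.group(1).strip() if e else None,
        max_early_data=int(x.group(1)) if x else None,
    )


def zero_rtt_worked(r: EarlyDataResult) -> bool:
    """0-RTT needs all three: TLS 1.3, a resumed session, and the server accepting the data."""
    return r.protocol == "TLSv1.3" and r.reused and r.early_data == "accepted"


def check_zero_rtt(host: str, port: int = 443, timeout: int = 20) -> EarlyDataResult:
    """Run the thread's two-step procedure against a live host and parse the replay.

    Step 1 must still be connected when the post-handshake NewSessionTicket arrives,
    so a request with "Connection: close" is sent and -ign_eof keeps s_client reading
    until the server closes (assumption: the server closes after the response)."""
    request = f"GET / HTTP/1.1\r\nHost: {host}:{port}\r\nConnection: close\r\n\r\n".encode()
    with tempfile.TemporaryDirectory() as tmp:
        sess = Path(tmp, "session.pem")
        early = Path(tmp, "https.txt")   # same role as the thread's /tmp/https.txt
        early.write_bytes(request)
        subprocess.run(  # step 1: full handshake, ticket written to session.pem
            [OPENSSL, "s_client", "-connect", f"{host}:{port}", "-servername", host,
             "-sess_out", str(sess), "-ign_eof"],
            input=request, capture_output=True, timeout=timeout, check=False,
        )
        replay = subprocess.run(  # step 2: resume and send the request as early data
            [OPENSSL, "s_client", "-connect", f"{host}:{port}", "-servername", host,
             "-sess_in", str(sess), "-early_data", str(early)],
            input=b"", capture_output=True, timeout=timeout, check=False,
        )
    return parse_s_client(replay.stdout.decode(errors="replace"))


if __name__ == "__main__":
    import sys
    result = check_zero_rtt(sys.argv[1] if len(sys.argv) > 1 else "http2.domain.com")
    print(result, "-> 0-RTT worked" if zero_rtt_worked(result) else "-> no 0-RTT")
```

Run as `python3 zero_rtt_check.py yourhost.example` (file name assumed). Applied to the thread's outputs, post 7's run parses as a resumed TLS 1.3 session with early data "not sent" and post 10's as "accepted", so only the latter counts as working 0-RTT; a "New," line in the replay means the ticket was not reused at all, which is worth checking before blaming the early-data directives.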