CentOS 7 nginx 1.14 with OpenSSL 1.1.1

jfalvrz21 · 10-19-2018, 09:24 AM

Hello Community

Who can help me with this topic ?

I have a server with CentOS 7. I want to install nginx 14 with TLS 1.3

I compiled nginx 1.14.0 with openssl 1.1.1

[root@www ~]# nginx -V

nginx version: nginx/1.14.0 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC) built with OpenSSL 1.1.1 11 Sep 2018
TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx...

However, when I try the connection from Google Chrome or Firefox this error appears:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

When I checked the connection through of Openssl (openssl s_client -connect x.x.x.x:443)

The result shows this at the end:

---
read R BLOCK
R
RENEGOTIATING
HTTP/1.1 400 Bad Request
Server: nginx/1.14.0
Date: Fri, 19 Oct 2018 13:57:36 GMT
Content-Type: text/html
Content-Length: 173
Connection: close

<html>
<head><title>400 Bad Request</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx/1.14.0</center>
</body>
</html>
140000528848704:error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version:ssl/ssl_lib.c:2113:

Thanks

sevendogsbsd · 10-19-2018, 09:28 AM

Does either browser support TLS 1.3? Not researched 1.3 so don't know status yet.

jfalvrz21 · 10-19-2018, 09:42 AM

I think yes, because the openssl is official https://www.openssl.org/news/openssl-1.1.1-notes.html

When I connect to Cloudflare or Facebook, they are using TLS 1.3

Best regards

sevendogsbsd · 10-19-2018, 09:46 AM

Ah OK, good to know, I just didn't so seemed good first question.