Handsake fail on nginx 1.11.13 with OpenSSL_1_1_0-pre6-2220-gb3c42fc25 #20
Comments
|
FYI I'm seeing this too with nginx 1.13.0 and openssl HEAD from today. |
|
I've been seeing this issue for a while atleast 2-3 weeks, at first I thought it was related this this(1). In fact it might still be. |
|
It's a bug in OpenSSL, I've submitted a PR: openssl/openssl#3310 |
|
Great @grahamedgecombe Thank you for quick response :) |
|
Fix has been merged into OpenSSL's master branch, closing |
|
Great work, thank you. I've tested and it works. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hey,
Litte bug report , that took some time to trace down to ct,
I'm running a test server with TLSv1.3 and with the latest few post draft 19 off TLSv1.3 implementation of TLSv1.3 I get server handshake fail in all browsers tested,
However after I comment out ssl_ct in config, site works again
nginx build options
nginx version: nginx/1.11.13
built by gcc 6.3.0 20170406 (Ubuntu 6.3.0-12ubuntu2)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --with-pcre=../pcre-8.40 --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-openssl=../openssl --with-openssl-opt=enable-tls1_3 --with-http_gzip_static_module --with-http_addition_module --with-http_geoip_module --with-http_dav_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-mail=dynamic --with-http_v2_module --add-dynamic-module=/opt/nginx-ct --with-mail=dynamic
Is there away to get this working again with newest git of OpenSSL? or should one wait untill TLSv1.3 is final? (looks like draft 20 is coming out very soon)
The text was updated successfully, but these errors were encountered: