error with last chrome and openssl #36
Comments
|
I can confirm this issue. Seen in nginx logs: http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
sendfile on;
keepalive_timeout 65;
gzip on;
brotli on;
brotli_comp_level 4;
brotli_types text/plain text/css application/javascript application/json image/svg+xml application/xml+rss;
ssl_dhparam /etc/ssl/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA';
ssl_prefer_server_ciphers on;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_ecdh_curve X25519:secp384r1;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1;
include ../sites/*;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.tld;
ssl_certificate path/to/fullchain.pem;
ssl_certificate_key path/to/privkey.pem;
ssl_ct on;
ssl_ct_static_scts path/to/scts;
...
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I using last nginx-ct with nginx 1.13.9 and openssl 1.1.1(alpha2)
when using ct we have a bug in chrome 64.0.3282.186
when you open site the all is good, but don’t close the tab and wait 5-10min and than refresh site with f5 and you will get ssl error(ERR_SSL_VERSION_INTERFERENCE on windows) and can’t open site while not close browser or restart nginx.
Also ct works with that openssl only if you write ct vars in block with default_server.
The text was updated successfully, but these errors were encountered: