New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Nginx not using TLS 1.2 despite it being in the config #3825
Comments
Thank you for creating an issue. For more information about the policies for this repository, The easiest option to gain traction is to close this ticket and open a new one using one of our templates. |
any hints in nginx general\access\error logs?
I hope @fichtner will someday have time to look at #3678 and we will try to make it possible to view the config in the GUI 😉 |
Thanks for answering. I can't find anything TLS related in the logs. The ssl_* directives look like this:
I used this for reference. Seems to be something like Synology is using in their Nginx implementation. |
got it, thanks. looks good, so i think its OpenSSL work and its not the default server in nginx? |
Setting the TLS 1.2 one as default_server worked, but now every entry seems to use TLS 1.2. Is that normal? |
In my understanding - yes, This is how OpenSSL works: if OpenSSL applies some of the params before the nginx SNI-callback (and it looks like this is still the case from the time of https://forum.nginx.org/read.php?2,254016,254673#msg-254673 ) or there is the lack of SNI info in request - then the default server params will be applied. |
I couldn’t find anything in that regards, so thanks a lot for that. I guess I should apply the same settings for every entry then to make it even. What would happen if I had multiple default servers and what exactly is the function of the default server? |
There can be only one © default_server for every address:port pair. |
I can’t seem to find help anywhere, so I am asking here additionally.
I need TLS 1.2 for the iOS Apps of Bitwarden and Jellyfin (Swiftfin). I setup my Reverse Proxy to use TLS 1.2, 1.3 with Ciphers from that Mozilla SSL Configurator.
I applied the settings again, I can see these settings in the nginx.conf using the shell and I still don‘t have TLS 1.2. It’s always just TLS 1.3 when I check it with these Testing Sites and I also don‘t have a working App.
Before I used the one built into Synology DSM where it worked.
Anybody here that has an idea?
The text was updated successfully, but these errors were encountered: