Enable SSLv3 in nginx on debian server

ssl nginx https sslv3
LeCoon zarakailloux picture LeCoon zarakailloux · Nov 20, 2017 · Viewed 7.1k times · Source

For some demonstration on HTTPS weakness, I'd like to enable SSLv3 on one sub domain of my webserver. I use nginx 1.12.2 on debian 8, and already tried to add the following line

ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;

and then a sudo service nginx restart, but ssllabs still shows SSL as disabled (with the clear-cache option).

Apparently the version of openssl I have supports SSLv3 (openssl ciphers -v), so I don't understand why SSLv3 isn't enabled.

Thanks !

Answer

Eugène Adell picture Eugène Adell · Nov 22, 2017

Try this command to compare with SSLLabs result :

openssl s_client -ssl3 -connect youserver:443

If the handshake is OK, you probably need to configure the cipers in the NGINX config.

Related questions

What does "SSL_CTX_use_PrivateKey_file" "problems getting password error" indicate in Nginx error log?

I'm trying to set up SSL on Nginx. It doesn't work, and I am getting the following error in the error log, which is getting passed up from the OpenSSL library which nginx was compiled with. I don't know what …

Read More
Nginx does redirect, not proxy

I want to set up Nginx as a reverse proxy for a https service, because we have a special usecase where we need to "un-https" a connection: http://nginx_server:8080/myserver ==> https://mysecureservice But what happens is that the …

Read More
nginx proxy based on host when using https

I need to use Nginx as an SSL proxy, which forwards traffic to different back ends depending on the subdomain. I have seem everywhere that I should define multiple "server {" sections but that doesn't work correctly for SSL. Doing that …

Read More