I have a device that is trying to connect with the following Client Hello captured from Wireshark:
It looks like the only cipher suite it supports is ECDHE-ECDSA-AES128-GCM-SHA256; I'm therefore trying to enable this with nginx.
```
events { }

http {
    server {
        listen 443 ssl;
        ssl_certificate /etc/nginx/certs/nginx.crt;
        ssl_certificate_key /etc/nginx/certs/nginx.key;
        server_name xxx.yyy.zzz;
        ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256';
    }
}
```

I don't get an error when running nginx with that config:

```
$ docker run -p 443:443 -v (pwd):/etc/nginx/certs -v (pwd)/nginx.conf:/etc/nginx/nginx.conf nginx
```

However, the list of supported ciphers comes back null with sslscan:

```
$ sslscan localhost
Version: 1.11.12-static
OpenSSL 1.0.2f 28 Jan 2016

ERROR: Could not open a connection to host localhost (::1) on port 443.
Connected to 127.0.0.1

Testing SSL server localhost on port 443 using SNI name localhost

  TLS Fallback SCSV:
Server supports TLS Fallback SCSV

  TLS renegotiation:
Session renegotiation not supported

  TLS Compression:
Compression disabled

  Heartbleed:
TLS 1.2 not vulnerable to heartbleed
TLS 1.1 not vulnerable to heartbleed
TLS 1.0 not vulnerable to heartbleed

  Supported Server Cipher(s):
$
```

I'm not an ops guy, so I'm not familiar with setting up servers. I just need to get this IoT device to connect to my server.
So how can I go about enabling the ECDHE-ECDSA-AES128-GCM-SHA256 cipher suite with nginx?

nginx:latest from Dockerhub: hub.docker.com/_/nginx
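One check worth running against the setup in the question, as an added example that is not part of the original post: an ECDHE-ECDSA suite can only be negotiated when the server certificate carries an EC key, so the helpers below report a certificate's key type, test it against a suite name, and create a self-signed P-256 pair. The post does not say what key type its `nginx.crt` has, so a mismatch is an assumption; the function names are hypothetical and the only tool assumed is the `openssl` CLI.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# Print the public-key algorithm of a PEM certificate, e.g.
# "id-ecPublicKey" for an EC key or "rsaEncryption" for an RSA key.
cert_key_type() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Return 0 when the certificate's key type can authenticate the given
# OpenSSL-style suite name, 1 when it cannot, 2 when the name carries no
# -ECDSA- or -RSA- authentication component to compare against.
suite_matches_cert() {
    suite=$1
    kt=$(cert_key_type "$2")
    case "$suite" in
        *-ECDSA-*) [ "$kt" = "id-ecPublicKey" ] ;;
        *-RSA-*)   [ "$kt" = "rsaEncryption" ] ;;
        *)         return 2 ;;
    esac
}

# Write a P-256 private key and a self-signed certificate for common name
# $2 into directory $1, using the nginx.key / nginx.crt names from the
# config in the question. Self-signed is an assumption made for testing;
# the device may require a certificate chained to a CA it trusts.
make_ecdsa_cert() {
    dir=$1
    cn=$2
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/nginx.key" &&
    openssl req -new -x509 -key "$dir/nginx.key" -sha256 -days 365 \
        -subj "/CN=$cn" -out "$dir/nginx.crt"
}

# Usage, from the directory mounted as /etc/nginx/certs:
#   cert_key_type nginx.crt
#   suite_matches_cert ECDHE-ECDSA-AES128-GCM-SHA256 nginx.crt || echo mismatch
```

If `cert_key_type` prints `rsaEncryption`, nginx has no certificate it can use with an ECDSA-only `ssl_ciphers` list, which is consistent with a scanner reporting no supported ciphers.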