我的客户报告了这个错误。 我无法复制它。 更重要的是,我无法检测到任何瑕疵: http : //www.digicert.com/ http://www.ssltest.net/ https://www.ssllabs.com/ssldb/所有报告dev.anuary.com有一个有效的证书。 我已经为Google(编辑) ssl_error_no_cypher_overlap ,但没有任何线程提供任何有用的指导。
Cannot communicate securely with peer: no common encryption algorithm(s) (Error code: ssl_error_no_cypher_overlap)
事实certificate,问题是:
从版本1.0.5开始,nginx默认使用“ssl_protocols SSLv3 TLSv1”和“ssl_ciphers HIGH:!aNULL:!MD5”
( http://nginx.org/en/docs/http/configuring_https_servers.html#chains )
我已经添加了以下到我的设置,它的工作原理。
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5;
所以,我看到这个:
$ sslscan --no-failed dev.anuary.com _ ___ ___| |___ ___ __ _ _ __ / __/ __| / __|/ __/ _` | '_ \ \__ \__ \ \__ \ (_| (_| | | | | |___/___/_|___/\___\__,_|_| |_| Version 1.8.2 http://www.titania.co.uk Copyright Ian Ventura-Whiting 2009 Testing SSL server dev.anuary.com on port 443 Supported Server Cipher(s): Accepted TLSv1 256 bits DHE-RSA-AES256-SHA Accepted TLSv1 256 bits AES256-SHA Accepted TLSv1 128 bits DHE-RSA-AES128-SHA Accepted TLSv1 128 bits AES128-SHA Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA Accepted TLSv1 168 bits DES-CBC3-SHA Accepted TLSv1 128 bits RC4-SHA Prefered Server Cipher(s): TLSv1 128 bits RC4-SHA
客户端可能不能做TLSv1吗?