Answer the question
In order to leave comments, you need to log in
D
D
Dmitry2017-11-20 09:35:39
Dmitry, 2017-11-20 09:35:39
How can you detect a legacy ssl client and send it to http?
The problem is that they turned on tls 1.1+ And there were complaints about the inability to connect.
In all cases, these were old NT 5.1 clients and others and $schema https.
How is it possible in case of connection failure via https - to redirect to http
Or at least log these failures.
2 answer(s)
@helldweller
@Sleuthhound
C
chupasaurus, 2017-11-20 @helldweller
$ssl_protocol : returns the protocol of an established SSL connection
M
Mikhail Grigoriev, 2017-11-20 @Sleuthhound
1. Write the output of the command
Perhaps the problem is that you have nginx built with openssl < 1.0.2 and as a result there is no ALPN support, and the browser on your old NT 5.1 is probably new, which no longer supports NPN
2. What ciphers are configured in nginx? Write what you have written in ssl_ciphers. Perhaps you are opening your site in a browser that does not support the cipher suite that is registered in your nginx.
Test the site at https://www.ssllabs.com/ssltest/index.html
P.S. If you wrote exactly what version of Windows you have and what browser, then you would have to guess less.
Similar questions
M
M
I
P
E
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question