
How to use ECDHE-ECDSA ciphers with nginx?

Question asked by CaduSilva on Nov 16, 2013
Latest reply on Nov 18, 2013 by Ivan Ristić

I have an nginx server with this preferred cipher list:

ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA AES128-SHA RC4-SHA !aNULL !eNULL !LOW !DES !3DES !MD5 !EXP !PSK !SRP !DSS !ADH

 

But neither the browsers nor SSL Labs select/detect the ECDHE-ECDSA ciphers. How do I enable them? I use OpenSSL 1.0.1e. When I try to connect using the first cipher, this is the output:

CONNECTED(00000003)

140064802789192:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:

---

no peer certificate available

---

No client certificate CA names sent

---

SSL handshake has read 7 bytes and written 165 bytes

---

New, (NONE), Cipher is (NONE)

Secure Renegotiation IS NOT supported

Compression: NONE

Expansion: NONE

 

I read that I need some ECDSA signing, but I don't know how to do it. I'm using a GeoTrust RapidSSL cert.
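
The suite names in the list above encode the authentication algorithm: an ECDHE-ECDSA suite can only be negotiated when the server presents a certificate with an EC key, while a certificate with an RSA key serves the ECDHE-RSA, DHE-RSA and plain RSA entries. The following added example (not part of the original thread) reports a certificate's key type, filters the question's cipher list accordingly, and creates an EC key and CSR; the function names, file paths and CN=example.test are assumptions, and the two self-signed certificates are constructed sample input.

```bash
# Added example, not from the thread; paths and CN=example.test are constructed.
LIST="ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES256-GCM-SHA384 \
ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-SHA384 ECDHE-RSA-AES128-SHA256 \
ECDHE-RSA-AES128-SHA ECDHE-RSA-AES256-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA AES256-SHA \
AES128-SHA RC4-SHA !aNULL !eNULL !LOW !DES !3DES !MD5 !EXP !PSK !SRP !DSS !ADH"

# Print rsa, ec or other for the public key inside a PEM certificate.
cert_key_type() {
    alg=$(openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: *//p')
    case "$alg" in
        rsaEncryption)  echo rsa ;;
        id-ecPublicKey) echo ec ;;
        *)              echo other ;;
    esac
}

# From the entries after $1, keep the suites a certificate of key type $1 can
# authenticate. Only the name patterns present in LIST are recognised.
usable_suites() {
    want=$1; shift; out=""
    for s in "$@"; do
        case "$s" in
            ECDHE-ECDSA-*)                     need=ec ;;
            ECDHE-RSA-*|DHE-RSA-*|AES*|RC4-*)  need=rsa ;;
            *)                                 continue ;;  # "!..." exclusions
        esac
        if [ "$need" = "$want" ]; then out="$out $s"; fi
    done
    echo "${out# }"
}

# Write a P-256 key ($1) and a CSR ($2, subject $3) to send to the CA.
make_ecdsa_csr() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" &&
    openssl req -new -key "$1" -out "$2" -subj "$3"
}

# Constructed sample input: self-signed cert of key type $1 at $2.key/$2.crt.
make_sample_cert() {
    if [ "$1" = ec ]; then openssl ecparam -name prime256v1 -genkey -noout -out "$2.key"
    else openssl genrsa -out "$2.key" 2048 2>/dev/null; fi
    openssl req -new -x509 -key "$2.key" -out "$2.crt" -days 1 -subj "/CN=example.test"
}

dir=$(mktemp -d)
for t in rsa ec; do
    make_sample_cert "$t" "$dir/$t"
    echo "$t certificate: $(usable_suites "$(cert_key_type "$dir/$t.crt")" $LIST)"
done
```

Once the CA has issued a certificate for the CSR, nginx's `ssl_certificate` and `ssl_certificate_key` directives point at the new certificate and EC key.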
