AnsweredAssumed Answered

Problem Enable TLS 1.1 & 1.2

Question asked by tommybkk on Nov 23, 2013
Latest reply on Mar 14, 2014 by romanm

Hello everyone,

 

 

First of all, I'm new to SSL configuration but I've already tried to find the solution myself but still not succeed. Please review my problems below.

 

I generated a certificate and private key (self signed) using the script below on Debian Wheezy with OpenSSL 1.0.1e which is the latest version.

 

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

 

After the installation I tested many times with a variety of configuration to enable TLS 1.1 and 1.2 but the result is stil the same tested on Chrome version 31 which supports TLS 1.1 and 1.2.  Here is the result.

 

https://www.ssllabs.com/ssltest/analyze.html?d=thainaturalremedies.com

 

Protocols

TLS 1.2          No

TLS 1.1           No

TLS 1.0           Yes

SSL 3          Yes

SSL 2          No

 

And here is how I configure my nginx virtual host,

 

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers HIGH:!aNULL:!MD5;

 

Also I would like this to work,

 

Session resumption          No (IDs assigned but not accepted)

 

Please guide me how to fix this, any information would be appreciated.

Outcomes