[Thanks for the continued effort in assisting!]
I know that OHS in the beehive flavour is limited to TLSv1, and cannot be updated to support newer versions and also no SHA-256 certificates. That's actually why we needed to front NGINX to get various browsers to accept the connection.
All of these connections work fine, but only the OBEO component will refuse a successful connection.
As far as I understand, a redirector process will hand over the initial connect to another process, the abovementioned ombd: I'm seeing another Server Hello and "TLSv1 Record Layer: Change Cipher Spec" after the HTTP GET "/beehive/redirect/secure-mx".
Perhaps it is the other way round: ombd may be the only component missing poodle mitigation. How would I tell NGINX: it did not help to include SSLv3 in the proxy_ssl_protocols parameter.
I know that OHS in the beehive flavour is limited to TLSv1, and cannot be updated to support newer versions and also no SHA-256 certificates. That's actually why we needed to front NGINX to get various browsers to accept the connection.
All of these connections work fine, but only the OBEO component will refuse a successful connection.
As far as I understand, a redirector process will hand over the initial connect to another process, the abovementioned ombd: I'm seeing another Server Hello and "TLSv1 Record Layer: Change Cipher Spec" after the HTTP GET "/beehive/redirect/secure-mx".
Perhaps it is the other way round: ombd may be the only component missing poodle mitigation. How would I tell NGINX: it did not help to include SSLv3 in the proxy_ssl_protocols parameter.