Quantcast
Channel: Nginx Forum - Other discussion
Viewing all articles
Browse latest Browse all 972

Re: issue with Oracle HTTP Server 10.1.3

$
0
0
I checked, but no, there is no return or rewrite in the NGINX configuration.

Sorry, but I used http instead of https, so the last test was useless.

Another go ... now the curl picture is as follows: the tracefiles of
CURL doing ...

curl https://my-server.my-domain:55094/beehive/redirect/secure-mx --tlsv1.0 --stderr curl-err.txt --output curl-out.txt --trace curl-trace.txt

... look quite similar (we know that Oracle 10.1.3 will only speak
TLSV1.0), and I don't see any TLS negotiation issues ... strange!

I must be the special combination:

curl <-> nginx <-> OHS

appears to work (although fetching the single page via curl is a very
limited test), and

OBEO <-> nginx <-> OHS

will fail (OBEO are the Outlook extensions to work with the beehive
server).

I can see that OBEO sends a quite restricted choice of Cipher Suites
when doing the "Client hello":

Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)

without NGINX, OHS will, according to Server hello, choose

Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

with NGINX, the Server hello of NGINX indicates

Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

and further on, the OHS communication with NGINX will settle on

Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

It is still my suspect that the handover to the abovementioned ombd
incurs the failing when NGINX is in the chain, resulting in the debug
message ...

SSL: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

... that I cited above.

Viewing all articles
Browse latest Browse all 972

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>