Skip to content

Fix for ignored ssl_protocols and ssl_ciphers directive in conf.d/inc… #2932

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jc21 merged 1 commit into from
Jul 20, 2023
Merged

Fix for ignored ssl_protocols and ssl_ciphers directive in conf.d/inc… #2932

jc21 merged 1 commit into from
Jul 20, 2023

Conversation

@nietzscheanic
Copy link
Contributor

@nietzscheanic nietzscheanic commented May 19, 2023

…lude/ssl-ciphers.conf

nginx only uses the ssl_protocols directive in the server{} block of the first processed host config, which is the default config in /etc/nginx/conf.d/default.conf. in version v2.9.20 the default ssl site was dropped by using ssl_reject_handshake on in the default host config. but beside the include of conf.d/include/ssl-ciphers.conf was removed from the default host config. that's why tlsv1.3 isn't applied by default anymore, same thing with the defined cipher suites. npm is so broken since 2023-03-16.

commit that broke the config -> a7f0c3b

@nietzscheanic
Fix for ignored ssl_protocols and ssl_ciphers directive in conf.d/inc…
8105463 
…lude/ssl-ciphers.conf

nginx only uses the `ssl_protocols` directive in the `server{}` block of the first processed host config, which is the default config in `/etc/nginx/conf.d/default.conf`. in version `v2.9.20` the default ssl site was dropped by using `ssl_reject_handshake on` in the default host config. but beside the include of `conf.d/include/ssl-ciphers.conf` was removed from the default host config. that's why `tlsv1.3` isn't applied by default anymore, same thing with the defined cipher suites. npm is so broken since `2023-03-16`.

commit that broke the config -> NginxProxyManager@a7f0c3b
This was referenced May 19, 2023
Closed
Closed
Closed
Closed
@nginxproxymanagerci
Copy link

nginxproxymanagerci bot commented May 19, 2023

Docker Image for build 1 is available on DockerHub as jc21/nginx-proxy-manager:github-pr-2932

Note: ensure you backup your NPM instance before testing this PR image! Especially if this PR contains database changes.

nietzscheanic referenced this pull request May 20, 2023
@TheBeeZee
Use ssl_reject_handshake to reject requests to default https site
a7f0c3b 
Instead of creating a dummy certificate, we can return an SSL protocol error, which will generate a descriptive error message in the browser.
@jc21 jc21 merged commit aee93a2 into NginxProxyManager:develop Jul 20, 2023
@nietzscheanic nietzscheanic deleted the patch-1 branch August 6, 2023 21:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nietzscheanic @jc21