我的客户报告了这个错误。我无法重现它。而且,我没有发现任何缺陷:http://www.digicert.com/ http://www.ssltest.net/ https://www.ssllabs.com/ssldb/所有报告都dev.anuary.com显示有有效证书。我已在 Google 上搜索过ssl_error_no_cypher_overlap,但没有一个帖子提供任何有用的指导。
Cannot communicate securely with peer: no common encryption algorithm(s)
(Error code: ssl_error_no_cypher_overlap)
- CentOS 版本 6.2(最终版)
- OpenSSL 1.0.0-20.el6_2.3
- nginx 1.0.15-1.el6.ngx
- 使用http://www.networksolutions.com/SSL-certificates/index.jsp通配符证书。
答案1
事实证明,问题是:
从 1.0.5 版本开始,nginx 默认使用“ssl_protocols SSLv3 TLSv1”和“ssl_ciphers HIGH:!aNULL:!MD5”
(http://nginx.org/en/docs/http/configuring_https_servers.html#chains)
我已将以下内容添加到我的设置中并且它可以正常工作。
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
答案2
因此,我看到的是:
$ sslscan --no-failed dev.anuary.com
_
___ ___| |___ ___ __ _ _ __
/ __/ __| / __|/ __/ _` | '_ \
\__ \__ \ \__ \ (_| (_| | | | |
|___/___/_|___/\___\__,_|_| |_|
Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009
Testing SSL server dev.anuary.com on port 443
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits RC4-SHA
Prefered Server Cipher(s):
TLSv1 128 bits RC4-SHA
客户端有可能无法执行 TLSv1?