search

Wonderfall / dockerfiles

Discontinued. Fork at your will.
Creative Commons Zero v1.0 Universal
392 stars 170 forks source link

[boring-nginx] Solve SSL initialization failed #229

Closed HuiMi24 closed 6 years ago

HuiMi24 commented 7 years ago

When I trying to connect nextcloud with https from my Android phone. I got an error SSL initialization failed. Here's solution: delete all params in /etc/nginx/conf/ssl_params and paste follows:

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA2
ssl_prefer_server_ciphers on;
ssl_stapling_verify on;
Wonderfall commented 6 years ago

I guess you're talking about Android 6 or 7.0. However I don't see any problem with Android 7.1. That's because P-384 support was temporary absent from Android.

These settings are working because ssl_ecdh_curve defaults to auto.