aeris / cryptcheck

Verify some SSL/TLS website or XMPP implementation
GNU Affero General Public License v3.0

TLS seems not supported on this server #57

Closed EricZhang456 closed 2 years ago

EricZhang456 commented 2 years ago

Hi. I was trying to run Cryptcheck on my SearXNG instance, but I got this instead.

[screenshot]

I used to be able to run the test just fine. Here is the TLS configuration for my server (nginx).

ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA512:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
ssl_session_tickets off;

aeris commented 2 years ago

ssl_protocols TLSv1.3;

Hello! Currently CryptCheck is not able to test TLS v1.3 because it is bound to an old OpenSSL version for SSLv2/v3, RC4/3DES and other old ciphers. I plan to add support for TLSv1.3, but it requires a lot of rework to support a double TLS stack.

So a TLSv1.3-only service is detected as no TLS at all at the moment.
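The practical problem in this thread is telling "no TLS at all" apart from "TLS 1.3 only" when the scanner's own TLS stack is too old to speak 1.3. The following is an added example, not CryptCheck's code: a standard-library Python probe that pins each handshake to exactly one protocol version and combines the two results into a verdict. The host and port are placeholders, and `ssl.HAS_TLSv1_3` is used to surface the same blind spot aeris describes when the local OpenSSL predates TLS 1.3.

```python
"""Classify a server's TLS support as 1.2, 1.3, both, neither, or unknown.

Added example for this issue thread (not part of CryptCheck). Standard
library only; host/port are placeholders supplied on the command line.
"""
import socket
import ssl
import sys
from typing import Callable

# Outcome of one handshake attempt pinned to a single protocol version.
OK = "ok"            # handshake completed at that version
REFUSED = "refused"  # a TLS endpoint answered but rejected the version
NO_TLS = "no-tls"    # nothing speaking TLS answered at all (closed port, timeout, plain text)

TLS12 = ssl.TLSVersion.TLSv1_2
TLS13 = ssl.TLSVersion.TLSv1_3

Prober = Callable[[ssl.TLSVersion], str]


def probe_version(host: str, port: int, version: ssl.TLSVersion, timeout: float = 5.0) -> str:
    """Attempt exactly one handshake with min and max version both set to `version`."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = version
    ctx.maximum_version = version
    # The question here is protocol support, not certificate validity,
    # so verification is switched off for the probe only.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                tls.version()  # forces the handshake to finish
                return OK
    except ssl.SSLError:
        # SSLError is an OSError subclass, so it must be caught first: this is
        # the "protocol version" alert a 1.3-only server sends when offered 1.2.
        return REFUSED
    except (OSError, socket.timeout):
        return NO_TLS


def classify(probe: Prober, has_tls13: bool = ssl.HAS_TLSv1_3) -> str:
    """Combine pinned probes into a verdict about what the server supports."""
    r12 = probe(TLS12)
    if not has_tls13:
        # Same blind spot as a scanner bound to a pre-1.3 OpenSSL: the 1.3
        # handshake cannot even be attempted, so a 1.3-only server looks
        # exactly like a server with no TLS. Report that honestly.
        return "tls1.2" if r12 == OK else "unknown (local TLS stack cannot speak TLS 1.3)"
    r13 = probe(TLS13)
    if r12 == OK and r13 == OK:
        return "tls1.2+tls1.3"
    if r13 == OK:
        return "tls1.3-only"
    if r12 == OK:
        return "tls1.2-only"
    if r12 == NO_TLS and r13 == NO_TLS:
        return "no-tls"
    # A TLS endpoint answered both times but accepted neither modern version.
    return "tls-present-but-neither-1.2-nor-1.3"


def classify_host(host: str, port: int = 443) -> str:
    """Run the real network probes against host:port."""
    return classify(lambda v: probe_version(host, port, v))


if __name__ == "__main__":
    # Usage: python probe.py example.invalid [443]   (placeholder host)
    target = sys.argv[1] if len(sys.argv) > 1 else "example.invalid"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    print(f"{target}:{target_port} -> {classify_host(target, target_port)}")
```

`classify` takes the probe as a parameter so the decision logic can be exercised without a network; `classify_host` wires in the real `probe_version`. The "unknown" verdict is the honest answer an old-OpenSSL scanner should give instead of "no TLS".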

EricZhang456 commented 2 years ago

ssl_protocols TLSv1.3;

Hello! Currently CryptCheck is not able to test TLS v1.3 because it is bound to an old OpenSSL version for SSLv2/v3, RC4/3DES and other old ciphers. I plan to add support for TLSv1.3, but it requires a lot of rework to support a double TLS stack.

So a TLSv1.3-only service is detected as no TLS at all at the moment.

Huh. But it used to work fine. I will enable TLS 1.2 anyway.

aeris commented 2 years ago

But it used to work fine

If you previously supported at least TLSv1.2, it was fine. Only TLSv1.3-only is broken at the moment.

EricZhang456 commented 2 years ago

I have had TLS 1.3 only for a long time now. Don't know what's going on here.

EricZhang456 commented 2 years ago

Btw can you refresh the check for me? I can't do that because it hasn't timed out yet.

https://cryptcheck.fr/https/searx.ericaftereric.top

aeris commented 2 years ago

Sure, it's now done :) https://cryptcheck.fr/https/searx.ericaftereric.top