Closed Night1 closed 7 years ago
What version of OpenSSL/nginx are you using?
Hey, I have two systems
```
nginx version: nginx/1.11.9
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
built with OpenSSL 1.1.0c 10 Nov 2016
TLS SNI support enabled
```
and
```
nginx version: nginx/1.11.9
built by gcc 6.2.0 20161005 (Ubuntu 6.2.0-5ubuntu12)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
```
There is also a bug when using TLSv1.3: CT does not work at all.
Firefox reports 0 CT when using TLSv1.3 but does report when using TLSv1.2.
This is on the
```
nginx version: nginx/1.11.9
built by gcc 6.2.0 20161005 (Ubuntu 6.2.0-5ubuntu12)
built with OpenSSL 1.1.1-dev xx XXX xxxx
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/usr/local/nginx/nginx.pid --with-pcre=../pcre-8.40 --with-zlib=../zlib-1.2.11 --with-http_ssl_module --with-openssl=/home/night/Downloads/openssl --with-openssl-opt=enable-tls1_3 --with-http_gzip_static_module --with-http_addition_module --with-http_dav_module --with-http_stub_status_module --with-http_sub_module --with-http_ssl_module --with-stream --with-stream_ssl_module --with-mail=dynamic --with-http_v2_module --add-dynamic-module=/opt/nginx-ct --with-mail=dynamic
```
The first problem is probably the same issue as #13.
I'll take a look at the TLS 1.3 issue.
Yeah, it does look a lot like #13, so this one can be closed, or do you want it to remain open for TLS1.3?
Since SSLLabs fails to test TLS1.3 only, Firefox does report back no CT for my domains when it is on TLS1.3
Closing (as it's covered by #13 and the new #21)
Hey, thank you for your work on this module. I've come across an issue.
I got this working on a subdomain of mine with a certificate issued for both the root and a number of subdomains. It works fine on the subdomain, but not on the root domain; both share the same SSL configuration in nginx, the only diffs are folders and proxies.
Hmm, strange, when I move the commands to enable:
to /etc/nginx/nginx.conf rather than each site in ../enabled-sites/, it works for all subdomains but not the root domain. Any idea why this is?
I have two sites enabled, both share the same certificate, while one only responds to apps.mydomain.com, the other responds to www.mydomain.com and mydomain.com,
the latter of which is the only one not reporting back as working with SSL Labs like the others: "Certificate Transparency Yes (TLS extension)"