nginx-build icon indicating copy to clipboard operation
nginx-build copied to clipboard
verified publisher icon MatthewVance

Clarification about TLS 1.2/1.3 with windows Registry settings

Open Saravanan109587 opened this issue 3 years ago • 1 comments

Dear team,

We are using nginx-1.22.0 in WIndows 2019 server. In nginx configuration we have enabled to use TLS 1.2 and TLS 1.3, Now we need clarification , In windows registry there is a option to enable/disable specific TLS/SSL version for both client as well server, does these setting will affect the protocol that enabled in nginx? how it is working?

NGINX config: ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; ssl_prefer_server_ciphers on;

Windows Registry Setting:

image

Saravanan109587 avatar Jun 08 '22 03:06 Saravanan109587

I'm not familiar with nginx on Windows. That being said, the nginx build is using OpenSSL for the TLS/crypto library. As such, the SSL/TLS settings from Schannel SSP shouldn't have any bearing. You could confirm by configuring nginx, starting the server, and running nmap with the extra TLS checking flags. If your server is Internet accessible, you could use https://www.ssllabs.com/ssltest/ instead of nmap.

MatthewVance avatar Jun 25 '22 01:06 MatthewVance

Thanks for the response.

sorry for the delay response.

Saravanan109587 avatar Feb 07 '23 08:02 Saravanan109587