Opened 9 months ago
Last modified 9 months ago
#2627 new defect
different nginx behavior as v4 and v6
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.25.x |
Keywords: | Cc: | ||
uname -a: | Linux lab109.machine 6.6.23 #1 SMP PREEMPT_DYNAMIC Wed Mar 27 13:33:29 CDT 2024 x86_64 13th Gen Intel(R) Core(TM) i7-1360P GenuineIntel GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.25.4
built with OpenSSL 3.2.1 30 Jan 2024 TLS SNI support enabled configure arguments: --prefix=/var/www --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys --user=nginx --group=nginx --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/client_body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --http-scgi-temp-path=/var/lib/nginx/scgi --with-file-aio --with-select_module --with-poll_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-cpp_test_module --with-compat --with-pcre --with-pcre-jit --without-pcre2 --with-libatomic --add-module=custom/ModSecurity-nginx --with-ld-opt='-lcurl -llua -lxml2 -lmaxminddb' --add-module=custom/ngx_http_geoip2_module --add-module=custom/njs/nginx |
Description (last modified by )
While a client is connected via IPv4, nginx will offer "OCSP stapling" and a set of cipher suites in the order defined in the configuration.
While a client is connected via IPv6, nginx will not offer "OCSP stapling" and will change the cipher suites order defined in the configuration.
Behavior first noted on nginx/1.25.3 and present on nginx/1.25.4.
Cipher configuration:
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA2
56:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256;
Change History (2)
comment:1 by , 9 months ago
Description: | modified (diff) |
---|
comment:2 by , 9 months ago
Description: | modified (diff) |
---|