TLS seems not supported on this server
Hi. I was trying to run Cryptcheck on my SearXNG instance. But I got this instead.
I used to be able to run the test just fine. Here is the TLS configuration for my server (nginx).
ssl_protocols TLSv1.3; # Dropping SSLv3, ref: POODLE
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA512:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA512:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_session_timeout 1d;
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
ssl_session_tickets off;
> ssl_protocols TLSv1.3;
Hello!
Currently CryptCheck is not able to test TLS v1.3 because it binds to an old OpenSSL version for SSLv2/v3, RC4/3DES and other old ciphers.
I plan to add support for TLSv1.3, but it requires a lot of rework to support a double TLS stack.
So a TLSv1.3-only service is detected as no TLS at all at the moment.
> > ssl_protocols TLSv1.3;
>
> Hello! Currently CryptCheck is not able to test TLS v1.3 because it binds to an old OpenSSL version for SSLv2/v3, RC4/3DES and other old ciphers. I plan to add support for TLSv1.3, but it requires a lot of rework to support a double TLS stack.
> So a TLSv1.3-only service is detected as no TLS at all at the moment.
Huh. But it used to work fine. I will enable TLS 1.2 anyway.
> But it used to work fine
If you previously supported at least TLSv1.2, it was good. Only TLSv1.3-only is broken at the moment.
I had TLS 1.3 only for a long time now. Don't know what's going on here.
Btw can you refresh the check for me? I can't do that because it hasn't timed out yet.
Sure, it's now done :)
https://cryptcheck.fr/https/searx.ericaftereric.top
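The "no TLS at all" result discussed in this thread can be told apart from a genuinely non-TLS port by looking at what the server sends back: RFC 8446 requires a TLS 1.3-only server to answer a ClientHello that offers only older versions with a fatal `protocol_version` alert, which is itself a TLS record. The sketch below is an added example, not CryptCheck's code and not from any participant in the thread; the function names, verdict strings and sample reply bytes are constructed for illustration.

```python
import struct

ALERT, HANDSHAKE = 21, 22                      # TLS record content types
SERVER_HELLO = 2                               # handshake message type
PROTOCOL_VERSION, HANDSHAKE_FAILURE = 70, 40   # alert descriptions

def classify(reply: bytes) -> str:
    """Classify the first bytes a server returned after a ClientHello."""
    if not reply:
        return "no-reply"
    if len(reply) < 5:
        return "not-tls"
    ctype, major, _minor, length = struct.unpack("!BBBH", reply[:5])
    body = reply[5:5 + length]
    if major != 3:                             # every SSLv3/TLS record starts 03 xx
        return "not-tls"
    if ctype == HANDSHAKE and body[:1] == bytes([SERVER_HELLO]):
        return "server-hello"
    if ctype == ALERT and length == 2 and len(body) == 2:
        if body[1] == PROTOCOL_VERSION:
            return "version-rejected"
        if body[1] == HANDSHAKE_FAILURE:
            return "handshake-failure"
        return "other-alert"
    return "not-tls"

def verdict(replies: dict) -> str:
    """Combine per-version probe replies into one scanner verdict."""
    kinds = {classify(raw) for raw in replies.values()}
    if "server-hello" in kinds:
        return "tls-supported"
    if kinds & {"version-rejected", "handshake-failure", "other-alert"}:
        # The peer speaks TLS; the scanner's stack just cannot negotiate with it.
        return "tls-present-but-outside-scanner-capabilities"
    return "no-tls-detected"

# Constructed sample replies (not captured from any real host).
TLS13_ONLY = {                                 # fatal alert, protocol_version (70)
    "TLSv1.2": bytes.fromhex("15 03 03 00 02 02 46"),
    "TLSv1.0": bytes.fromhex("15 03 01 00 02 02 46"),
}
TLS12_OK = {"TLSv1.2": bytes.fromhex("16 03 03 00 04 02 00 00 00")}
PLAIN_HTTP = {"TLSv1.2": b"HTTP/1.1 400 Bad Request\r\n"}

if __name__ == "__main__":
    for name, sample in [("tls13-only", TLS13_ONLY), ("tls12", TLS12_OK),
                         ("plain-http", PLAIN_HTTP)]:
        print(name, "->", verdict(sample))
```
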