Apple Safari browsers fail to connect


#1

Hi,

I’ve set up a test domain using a Let’s Encrypt certificate, with nginx 1.8.0 on an Ubuntu host. All browsers I’ve tested it with work fine, except for Safari (9.0.1 on OS X 10.11.1) and Mobile Safari on iOS 9.1.
They fail to connect to my site over https, saying that “the server dropped the connection”. Connecting to the same site over regular http does work in Safari.

Can anyone else reproduce this, or is it a misconfiguration on my end?

My nginx configuration is included below.

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name duckson.nl;

    ssl_certificate /etc/letsencrypt/live/duckson.nl/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/duckson.nl/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/duckson.nl/chain.pem;

    ssl_stapling on;
    ssl_stapling_verify on;

    root /var/www/domains/duckson.nl;
    index index.html;

    # Some additional 'location {}' blocks here
}

#2

You have an inconsistent setup: https://www.ssllabs.com/ssltest/analyze.html?d=duckson.nl
Some WEAK warnings, but it says it should work on Safari.


#3

Well, you certainly don’t have a too long key; for some reason Apple has gone stupid and made keys >4096 impossible…


#4

I’ve found a solution when I tried the nginx configuration described in this post.
After narrowing it down, adding the following line to my config seems to fix the problem (for all current Safari browsers):

ssl_session_cache shared:SSL:10m;

I’m completely stumped as to why this fixes it. If anybody with more knowledge about TLS/SSL knows the answer, please let me know.
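
A configuration check for the fix in post #4, added here as an example and not part of the thread: it flags TLS `server` blocks that have no `ssl_session_cache` directive in effect, either set in the block itself or inherited from an enclosing block. The parser is a simplification that assumes a single file with no `include` directives and no `#`, braces or semicolons inside quoted values; the function names are hypothetical.

```python
import re

# Server block from post #1, shortened to the lines the check looks at.
BEFORE = """
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name duckson.nl;
    # Some additional 'location {}' blocks here
}
"""
# Same block with the line from post #4 added.
AFTER = BEFORE.replace("server_name", "ssl_session_cache shared:SSL:10m;\n    server_name")

def tokenize(text):
    text = re.sub(r"#[^\n]*", "", text)          # drop comments
    return re.findall(r"[{};]|[^\s{};]+", text)  # braces, semicolons, words

def parse(tokens):
    """Build a tree of (args, children); children is None for simple directives."""
    items, args = [], []
    while tokens:
        tok = tokens.pop(0)
        if tok == "}":
            break
        if tok in ";{":
            items.append((args, parse(tokens) if tok == "{" else None))
            args = []
        else:
            args.append(tok)
    return items

def servers_without_session_cache(conf_text):
    """List server_name values of TLS server blocks with no ssl_session_cache in effect."""
    flagged = []
    def walk(items, inherited):
        # A directive set at this level is inherited by the blocks nested in it.
        cache = inherited or any(a[:1] == ["ssl_session_cache"] for a, c in items if c is None)
        for args, children in [i for i in items if i[1] is not None]:
            if args[:1] == ["server"]:
                direct = [a for a, c in children if c is None and a]
                tls = any(a[0] == "listen" and "ssl" in a[1:] for a in direct)
                if tls and not (cache or any(a[0] == "ssl_session_cache" for a in direct)):
                    names = [" ".join(a[1:]) for a in direct if a[0] == "server_name"]
                    flagged.append(names[0] if names else "(unnamed)")
            else:
                walk(children, cache)
    walk(parse(tokenize(conf_text)), False)
    return flagged
```

Calling `servers_without_session_cache()` on the text of a site configuration returns the names of the blocks to review; an empty list means every TLS server block has the directive in effect.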