Cannot use Advanced Rest Client with Letsencrypt Websites because throws: sslv3 alert handshake failure

As I’ve said before I’m not an nginx expert… but my reading of the docs is that that syntax is also only supported since 1.11.0.

Well, strictly speaking it’s worse, as 256 is smaller than 384, but one might hope that the difference is mostly irrelevant in practice. Ideally you would upgrade to an nginx version that allows you to support multiple curves, so you can use the best one supported by the client. Or even better, the developers of ARC should improve their app to support more and better curves.

OK @jmorahan my last question and I finish:

according to https://www.cdn77.com/tls-test?domain=dev.www.triunfamos.com it reccomends to install TLS 1.3

Which is your advice?

Oh man… @nacesprin is it possible to update your nginx? If you want higher level of ECDHE key exchange that is.

TLS 1.3 is good, but it will also require you to upgrade nginx :wink:

1 Like

Resume:

For nginx 1.10.x the ssl_ecdh_curve sentence must be removed (if I use ARC) from nginx configuration.
For nginx 1.11 the ssl_ecdh_curve must set auto

In sites which has nginx 1.10 but is working ARC is due to is using cloudflare SSL

It is adviced to install TLS 1.3 for nginx 1.11

Thanks @jmorahan

I believe you would need nginx 1.13 if you want to support TLS 1.3.

This is my server: https://www.cdn77.com/tls-test?domain=www.aulafacil.com and it has TLS 1.3 and nginx v 1.10.3 with COMODO SSL

Yes, that’s because the TLS 1.3 is being provided in this case not by the nginx on your server, but by Cloudflare.

It is very logical. I had a headache. So, another solution is use cloudflare :grin:

2 Likes

same her but
https://www.ssllabs.com/ssltest/analyze.html?d=ipfinder.io

work fine

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.