18th October 2019
CiotBSD
[6.5] Nginx error

Hi.

I admin an nginx server (1.14.2) on OpenBSD 6.5.
I wanted to test TLSv1.3, but I didn't pay attention to the fact that LibreSSL didn't support it.

After modifying my config by adding "TLSv1.3" and a TLS cipher, I tested the config:
Code:
# nginx -t                                      
nginx: [emerg] BIO_new_file("/etc/nginx/$file_fullchain") failed (SSL: error:02FFF002:system library:func(4095):No such file or directory:fopen('/etc/nginx/$file_fullchain', 'r') error:20FFF080:BIO routines:CRYPTO_internal:no such file)
nginx: configuration file /etc/nginx/nginx.conf test failed
I deleted all information about TLSv1.3 and rechecked the nginx config; it results in the same error.

I don't understand: before this attempt, my config with TLSv1.2 was working correctly.
Even after restoring all the files of the functional TLS v1.2 configuration.

Code:
ssl_buffer_size 4k; # 16k, for throughput, video applications

ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_timeout 1h;

ssl_certificate 	/etc/ssl/acme/mydomain.net.fullchain.pem;
ssl_certificate_key	/etc/ssl/acme/private/mydomain.net.privkey.pem;
ssl_dhparam 		/etc/nginx/cfg/mydomain.net/dhp_4096.pem;

ssl_ecdh_curve X25519:P-521:P-384;

# Mozilla Modern Config
ssl_protocols TLSv1.2;
ssl_ciphers 'EECDH+CHACHA20:EECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/acme/mydomain.net.chain.pem;

resolver 80.67.169.12 80.67.169.40 [2001:910:800::12] [2001:910:800::40] valid=300s;
resolver_timeout 3s;
Any idea?

Last edited by CiotBSD; 26th October 2019 at 02:50 PM.