No common encryption algorithm(s) (ssl_error_no_cypher_overlap)
My clients are reporting this error. I cannot reproduce it. What's more, I cannot detect any flaws: http://www.digicert.com/, http://www.ssltest.net/ and https://www.ssllabs.com/ssldb/ all report dev.anuary.com to have a valid cert. I've Googled for ssl_error_no_cypher_overlap, but none of the threads provided any useful guidance.
Cannot communicate securely with peer: no common encryption algorithm(s)
(Error code: ssl_error_no_cypher_overlap)
- CentOS release 6.2 (Final)
- OpenSSL 1.0.0-20.el6_2.3
- nginx 1.0.15-1.el6.ngx
- Using http://www.networksolutions.com/SSL-certificates/index.jsp Wildcard certificate.
Solution 1:
As it turns out, the issue was that:
Since version 1.0.5, nginx uses “ssl_protocols SSLv3 TLSv1” and “ssl_ciphers HIGH:!aNULL:!MD5” by default
(http://nginx.org/en/docs/http/configuring_https_servers.html#chains)
I've added the following to my settings and it works.
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
Solution 2:
So, I'm seeing this:
$ sslscan --no-failed dev.anuary.com
_
___ ___| |___ ___ __ _ _ __
/ __/ __| / __|/ __/ _` | '_ \
\__ \__ \ \__ \ (_| (_| | | | |
|___/___/_|___/\___\__,_|_| |_|
Version 1.8.2
http://www.titania.co.uk
Copyright Ian Ventura-Whiting 2009
Testing SSL server dev.anuary.com on port 443
Supported Server Cipher(s):
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits RC4-SHA
Prefered Server Cipher(s):
TLSv1 128 bits RC4-SHA
Is it possible the client can't do TLSv1?
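Added example (not part of the original answers): a small check that parses the Accepted rows of the sslscan output above and lists the protocol and cipher pairs a given client could still negotiate with this server. The client offers are hypothetical and constructed for illustration.

```python
# Added example: rows constructed from the "Accepted" lines of the sslscan output above.
SSLSCAN_ROWS = """\
Accepted TLSv1 256 bits DHE-RSA-AES256-SHA
Accepted TLSv1 256 bits AES256-SHA
Accepted TLSv1 128 bits DHE-RSA-AES128-SHA
Accepted TLSv1 128 bits AES128-SHA
Accepted TLSv1 168 bits EDH-RSA-DES-CBC3-SHA
Accepted TLSv1 168 bits DES-CBC3-SHA
Accepted TLSv1 128 bits RC4-SHA
"""

# Hypothetical client offers (assumptions, not taken from any real browser).
CLIENTS = {
    "tls1_rsa": ({"TLSv1"}, {"AES128-SHA", "RC4-SHA"}),
    "ecdhe_only": ({"TLSv1", "TLSv1.1", "TLSv1.2"},
                   {"ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA"}),
    "tls12_only": ({"TLSv1.2"}, {"AES128-SHA", "AES256-SHA"}),
}

def parse_accepted(text):
    """Return {protocol: [cipher, ...]} in the order sslscan listed them."""
    accepted = {}
    for line in text.splitlines():
        fields = line.split()
        # Expected row shape: Accepted <protocol> <bits> bits <cipher>
        if len(fields) == 5 and fields[0] == "Accepted" and fields[3] == "bits":
            accepted.setdefault(fields[1], []).append(fields[4])
    return accepted

def overlap(accepted, protocols, ciphers):
    """(protocol, cipher) pairs that both the server and the client support."""
    return [(p, c) for p, offered in accepted.items() if p in protocols
            for c in offered if c in ciphers]

def weak_ciphers(accepted):
    """Accepted suites built on RC4 or (3)DES, which are candidates for removal."""
    return sorted({c for cs in accepted.values() for c in cs
                   if "RC4" in c or "DES" in c})

if __name__ == "__main__":
    server = parse_accepted(SSLSCAN_ROWS)
    for name, (protocols, ciphers) in CLIENTS.items():
        common = overlap(server, protocols, ciphers)
        print(name, "->", common or "nothing in common with the server")
    print("legacy suites still accepted:", weak_ciphers(server))
```

An empty result for a client profile means that client and this server have no protocol and cipher pair in common, which is the condition the error message describes.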