No certificate when connecting with TLS1 or TLS1.1

I do:

openssl s_client -connect website.com:443 -tls1_1

And get:

CONNECTED(00000003)
140120601777808:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1315:SSL alert number 40
140120601777808:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:637:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1495200033
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

I also get something like this when testing TLS 1.0.

However, testing TLS 1.2 is successful.

The website config (nginx) includes this:

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name website.com www.website.com;
    root /var/www/public/website.com;
    error_log /var/www/nginx.error.log;
    ssl_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/website.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/dhparam.pem;
    # modern configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers '*EDITED*;
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    ssl_trusted_certificate /etc/letsencrypt/live/website.com/fullchain.pem;
    resolver 8.8.8.8 8.8.4.4;
[...]

I have no idea what's going on! Any suggestions?

Thanks!


Solution 1:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers '*EDITED*;

While according to the protocols TLS 1.0 .. 1.2 are supported by the server, the problem might be the set of ciphers, which is unfortunately not shown in detail. There are a few ciphers which are newly defined with TLS 1.2 and which can only be used with TLS 1.2, notably all ciphers using SHA-256 or SHA-384 as HMAC. If only these ciphers are accepted by the server, then this implicitly means that only the TLS 1.2 protocol is accepted.

For example, the modern profile as currently shown by the Mozilla SSL config generator only includes ciphers available with TLS 1.2 or later and can thus not be used together with older TLS protocol versions.
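A way to check the answer's point against an actual cipher list, as an added example (this is not code from the question, the answer, nginx or OpenSSL): `openssl ciphers -v` prints one suite per line together with the minimum protocol version it can be used with, so parsing that output shows which suites remain for a TLS 1.0 or TLS 1.1 client once the server's `ssl_ciphers` list is applied. The `SAMPLE_CIPHERS_V` text below is a constructed stand-in for that output (a "modern"-style list with two SHA-1 suites appended for contrast, so it runs without an OpenSSL binary); the helper `ciphers_from_openssl` is an assumption about a local `openssl` being on `PATH` and is only used when one is present.

```python
"""Does an OpenSSL cipher string leave anything for TLS 1.0 / TLS 1.1 clients?

Added example, not code from the question, the answer, nginx or OpenSSL.
It parses the line format of `openssl ciphers -v` (suite name, minimum
protocol version, Kx=, Au=, Enc=, Mac=) and reports, for each protocol
version a server enables, which suites from its ssl_ciphers list could
actually be negotiated. A version with an empty list behaves exactly like
the TLS 1.1 attempt in the question: handshake failure, alert number 40.
"""
import re
import shutil
import subprocess

# The version column of `openssl ciphers -v` is the *minimum* protocol
# version a suite may be used with; higher versions can still negotiate it.
VERSION_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]

# Constructed sample of `openssl ciphers -v` output (an assumption standing
# in for real output; depending on the OpenSSL build the SHA-1 suites may
# show "TLSv1" instead of "SSLv3" in the version column, which the code
# treats the same way).
SAMPLE_CIPHERS_V = """\
ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384   TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-CHACHA20-POLY1305   TLSv1.2 Kx=ECDH     Au=RSA   Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES128-SHA256       TLSv1.2 Kx=ECDH     Au=RSA   Enc=AES(128)    Mac=SHA256
ECDHE-RSA-AES256-SHA          SSLv3   Kx=ECDH     Au=RSA   Enc=AES(256)    Mac=SHA1
DHE-RSA-AES128-SHA            SSLv3   Kx=DH       Au=RSA   Enc=AES(128)    Mac=SHA1
"""

LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+(?P<version>SSLv3|TLSv1(?:\.[123])?)\s+"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)


def parse_ciphers_v(text):
    """Turn `openssl ciphers -v` output into a list of suite dicts."""
    suites = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            suites.append(m.groupdict())
    return suites


def usable_with(suites, version):
    """Names of suites a client speaking `version` could negotiate."""
    rank = VERSION_ORDER.index(version)
    return [s["name"] for s in suites
            if VERSION_ORDER.index(s["version"]) <= rank]


def tls12_only(suites):
    """Suites whose minimum version is TLS 1.2 (SHA-256/SHA-384 HMAC or AEAD)."""
    return [s["name"] for s in suites if s["version"] == "TLSv1.2"]


def report(suites, ssl_protocols=("TLSv1", "TLSv1.1", "TLSv1.2")):
    """Map each protocol from ssl_protocols to the suites it can really use.

    An empty list means clients of that version always get a handshake
    failure, even though ssl_protocols lists the version.
    """
    return {v: usable_with(suites, v) for v in ssl_protocols}


def ciphers_from_openssl(cipher_string):
    """Ask a local OpenSSL for the real expansion of a cipher string.

    Assumes an `openssl` binary on PATH; returns None when there is none (or
    the string is invalid) so the example still runs offline on the sample.
    """
    if shutil.which("openssl") is None:
        return None
    out = subprocess.run(["openssl", "ciphers", "-v", cipher_string],
                         capture_output=True, text=True, check=False)
    return parse_ciphers_v(out.stdout) if out.returncode == 0 else None


if __name__ == "__main__":
    suites = parse_ciphers_v(SAMPLE_CIPHERS_V)
    for version, names in report(suites).items():
        status = "OK" if names else "HANDSHAKE FAILS (alert 40)"
        print(f"{version:8} {status}: {', '.join(names) or '-'}")
    print("TLS 1.2-only suites:", ", ".join(tls12_only(suites)))
    # Drop the SHA-1 suites and the older protocols have nothing left,
    # which is the situation the answer describes.
    modern_only = [s for s in suites if s["version"] == "TLSv1.2"]
    print("modern profile ->", report(modern_only))
```

On a host with OpenSSL, `report(ciphers_from_openssl("<the server's ssl_ciphers string>"))` gives the same table for the real list. To confirm against the live server, `openssl s_client -connect website.com:443 -tls1_1 -cipher ECDHE-RSA-AES128-SHA` (the `-cipher` option restricts the client's offer to that suite) succeeds only if that SHA-1 suite is actually present in the server's list; if every server suite is TLS 1.2-only, keeping `TLSv1 TLSv1.1` in `ssl_protocols` changes nothing, and either the list must gain pre-TLS-1.2 suites or the old protocols should simply be removed from `ssl_protocols` so the configuration says what it does.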