I'm quite new to the FreeBSD environment; I'm quite used to the Linux one.
I've created a jail in FreeNAS 9.3 and installed nginx with SSL support following several online resources (googled "freebsd jail nginx ssl" or something like that) and a Let's Encrypt certificate. I know there's a newer FreeNAS version based on FreeBSD 10 but I can't upgrade just yet.
Everything works smoothly, but my SSLLabs rating is a C because "The server supports only older protocols, but not the current best TLS 1.2. Grade capped to C."
In my nginx config file TLSv1.2 is enabled and the server reload gives no error:
    [...]
    server {
        listen 443 ssl;
        #SSL
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;
        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_dhparam /usr/local/etc/ssl/dhparam.pem;
    [...]

    # service nginx reload
    Performing sanity check on nginx configuration:
    nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Can anybody point me to the error or to a possible workaround? Thank you.
UPDATE:
After kind comments from @Drifter104 and @Amiramix: the openssl version is 0.9.8za and doesn't seem to support TLSv1.2.
Now that the mystery is solved, I need to discover how to install a more up-to-date openssl. Thank you.
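
The mismatch found in the update can be checked mechanically: nginx accepts `ssl_protocols` values that the OpenSSL it is linked against cannot provide, and the config test still passes. The following is an added example, not part of the original post; the function names are hypothetical, the `nginx -V` text is constructed around the 0.9.8za version reported above, and the thresholds assume OpenSSL's release history (TLS 1.1/1.2 arrived in 1.0.1, TLS 1.3 in 1.1.1).

```python
import re

# Lowest OpenSSL release (major, minor, fix) that implements each protocol.
# Protocols not listed here are treated as always available.
MIN_OPENSSL = {
    "TLSv1.1": (1, 0, 1),
    "TLSv1.2": (1, 0, 1),
    "TLSv1.3": (1, 1, 1),
}

# Constructed `nginx -V` output; only the OpenSSL version comes from the post.
SAMPLE_NGINX_V = """nginx version: nginx/0.0.0
built with OpenSSL 0.9.8za 5 Jun 2014
TLS SNI support enabled
"""
SAMPLE_CONF = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # directive from the post"


def openssl_version(nginx_v_output):
    """Return (major, minor, fix) of the OpenSSL nginx uses, or None.

    'running with' wins over 'built with': nginx prints it when the library
    loaded at runtime differs from the one it was compiled against.
    """
    for keyword in ("running", "built"):
        m = re.search(keyword + r" with OpenSSL (\d+)\.(\d+)\.(\d+)", nginx_v_output)
        if m:
            return tuple(int(g) for g in m.groups())
    return None


def configured_protocols(conf_text):
    """Collect every protocol named in uncommented ssl_protocols directives."""
    protocols = []
    for line in conf_text.splitlines():
        m = re.match(r"\s*ssl_protocols\s+([^;#]+);", line)
        if m:
            protocols.extend(m.group(1).split())
    return protocols


def unavailable_protocols(nginx_v_output, conf_text):
    """Protocols the config asks for that the linked OpenSSL cannot speak."""
    version = openssl_version(nginx_v_output)
    if version is None:
        raise ValueError("no OpenSSL version found in nginx -V output")
    return [p for p in configured_protocols(conf_text)
            if version < MIN_OPENSSL.get(p, (0, 0, 0))]


if __name__ == "__main__":
    print(unavailable_protocols(SAMPLE_NGINX_V, SAMPLE_CONF))
```

On a real host, feed it the captured stderr of `nginx -V` and the contents of the nginx configuration file.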