nginx, and cloudflare (and maybe trixie?)
In case anyone else is using nginx and cloudflare:
The documentation for ssl options on your origin server that cloudflare
provides [1] indicates that you should use

    ssl_prefer_server_ciphers on;

I found that setting this option caused a

    SSL_do_handshake() failed (SSL: error:????????:SSL routines::bad cipher) while SSL handshaking

error, at least after upgrading to trixie. This manifests as a generic 525 error in the browser.
It's not clear to me what the implications of setting this to "off" are (the default for
trixie).
Best,
Antonio
[1] https://developers.cloudflare.com/ssl/origin-configuration/cipher-suites/