#11
I have fixed this. I'm running nginx on CentOS. After upgrading to the following...

nginx version: nginx/1.16.0 (packages.exove.com: SSE2, openssl-1.1.1c, PCRE JIT, TCP Fast Open)
built by gcc 7.3.1 20180303 (Red Hat 7.3.1-5) (GCC)
built with OpenSSL 1.1.1c 28 May 2019
TLS SNI support enabled

and using the cipherlist from https://cipherli.st/

ssl_protocols TLSv1.2 TLSv1.3; # Requires nginx >= 1.13.0 else use TLSv1.2
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/dhparam.pem; # openssl dhparam -out /etc/nginx/dhparam.pem 4096
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx >= 1.3.7
resolver $DNS-IP-1 $DNS-IP-2 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";

This worked as expected.

My guess is the letsencrypt docker container is running nginx, but another version compiled with an older OpenSSL version. I'd look at getting this upgraded.

Chris
#12
Just wanted to add to this. I experienced this error and my nginx error logs had loads of these errors:

SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking

The specific fix is related to the cipher suite used. I changed mine to this and now it works (works with Plex).

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM;
Thanks chriscolden for posting the config.
#13
I have a small selection of ciphers and have the same problem with art and episodes missing. The same unsupported protocol message in the error logs as well. I'll have to try adding the extra ciphers although everything is working fine outside of NZB360.


#14
Thanks tempemple! Using those ciphers my nzb360 works as it should. I've had this problem for about a year, so happy to have it working again.

Old Cipher

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
New Cipher

ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:EECDH+AESGCM:EDH+AESGCM;
Seems like the only difference is
This is removed
ECDHE-RSA-AES256-SHA384

This is added
EECDH+AESGCM:EDH+AESGCM
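
Added example (not code from any poster in this thread): a way to see what the old and new `ssl_ciphers` strings quoted above expand to in the OpenSSL build your Python is linked against, and which tokens in them select no suite at all. The helper names are made up for this example, and the output depends on the local OpenSSL version and security level.

```python
import ssl

# The two ssl_ciphers values quoted in post #14 of this thread.
OLD = ("ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:"
       "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
       "ECDHE-RSA-AES256-SHA384")
NEW = ("ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:"
       "ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:"
       "EECDH+AESGCM:EDH+AESGCM")


def expand(cipher_string):
    """Return the TLS 1.2-and-below suites the local OpenSSL enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    # TLS 1.3 suites are configured separately and always listed; skip them.
    return {c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"}


def dead_tokens(cipher_string):
    """Return the tokens that select no suite in the local OpenSSL."""
    dead = []
    for token in cipher_string.split(":"):
        try:
            ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER).set_ciphers(token)
        except ssl.SSLError:  # raised when the string matches no cipher
            dead.append(token)
    return dead


def compare(old, new):
    """Suites only in the old list, and suites only in the new list."""
    before, after = expand(old), expand(new)
    return sorted(before - after), sorted(after - before)


if __name__ == "__main__":
    removed, added = compare(OLD, NEW)
    print("tokens matching nothing:", dead_tokens(NEW))
    print("no longer offered:", removed)
    print("newly offered:", added)
```

Running `nginx -T` on the server shows the `ssl_ciphers` value actually loaded, which is the string to feed into `compare`.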