
SSL directive configuration in Nginx - Practice Problems & Coding Challenges

Challenge - 5 Problems
💻 Command Output
intermediate
Output of SSL certificate check command
What is the output of running openssl s_client -connect example.com:443 if the SSL certificate is valid and trusted?
openssl s_client -connect example.com:443
A.
    CONNECTED(00000003)
    depth=2 C = US, O = Let's Encrypt, CN = R3
    verify return:1
    ---
    Certificate chain
     0 s:CN = example.com
     i:C = US, O = Let's Encrypt, CN = R3
    ---
    SSL handshake has read 3456 bytes and written 456 bytes
    ---
    New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
    ---
    Verify return code: 0 (ok)
B.
    ERROR:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
    139832123456768:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40
C.
    CONNECTED(00000003)
    depth=0 CN = example.com
    verify error:num=20:unable to get local issuer certificate
    ---
    Certificate chain
     0 s:CN = example.com
     i:C = US, O = Unknown CA, CN = Unknown
    ---
    Verify return code: 20 (unable to get local issuer certificate)
D.
    CONNECTED(00000003)
    no peer certificate available
    ---
    No client certificate CA names sent
    ---
    SSL handshake has read 0 bytes and written 456 bytes
    ---
    Verify return code: 0 (ok)
💡 Hint
Look for 'Verify return code: 0 (ok)' which means the certificate is valid.
Configuration
intermediate
Correct SSL protocol configuration in nginx
Which nginx SSL configuration snippet correctly disables SSLv2 and SSLv3 but enables TLSv1.2 and TLSv1.3?
A. ssl_protocols SSLv2 SSLv3 TLSv1.2 TLSv1.3;
B. ssl_protocols TLSv1.2 TLSv1.3;
C. ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
D. ssl_protocols SSLv3 TLSv1.2 TLSv1.3;
💡 Hint
Modern best practice disables SSLv2 and SSLv3 due to security risks.
Troubleshoot
advanced
Troubleshooting missing SSL certificate error
An nginx server fails to start with the error: nginx: [emerg] cannot load certificate "/etc/nginx/ssl/server.crt": BIO_new_file() failed. What is the most likely cause?
A. The SSL certificate file is valid but the private key file is missing.
B. The SSL certificate file is expired but still present.
C. The SSL certificate file is in DER format instead of PEM format.
D. The SSL certificate file /etc/nginx/ssl/server.crt does not exist or has wrong permissions.
💡 Hint
BIO_new_file() failure usually means file not found or unreadable.
🔀 Workflow
advanced
Order of SSL directives in nginx config
What is the correct order of these SSL directives inside an nginx server block for proper SSL setup?
A. 4,3,2,1
B. 1,2,3,4
C. 3,4,1,2
D. 2,1,3,4
💡 Hint
Protocol and cipher settings should come before specifying certificates.
Best Practice
expert
Best practice for SSL session cache configuration
Which nginx SSL session cache configuration is best for improving performance while maintaining security?
A. ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m;
B. ssl_session_cache off; ssl_session_timeout 5m;
C. ssl_session_cache shared:SSL:1m; ssl_session_timeout 1h;
D. ssl_session_cache shared:SSL:50m; ssl_session_timeout 24h;
💡 Hint
Balance cache size and timeout to avoid memory waste and stale sessions.