How to disable TLS renegotiation in nginx

I am having a very weird problem with Safari on nginx, which is hosting my server. The SSL handshake fails and gives a server certificate warning pop-up, and I get this in the nginx debug logs:

nginx logs
    2013/11/01 23:27:59 [debug] 16494#0: *240 http recv(): 1
    2013/11/01 23:27:59 [debug] 16494#0: *240 https ssl handshake: 0x16
    2013/11/01 23:27:59 [debug] 16494#0: *240 SSL server name: "www.unitedwifi.com"
    2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_do_handshake: -1
    2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_get_error: 2
    2013/11/01 23:27:59 [debug] 16494#0: *240 reusable connection: 0
    2013/11/01 23:27:59 [debug] 16494#0: *240 SSL handshake handler: 0
    2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_do_handshake: 1
    2013/11/01 23:27:59 [debug] 16494#0: *240 SSL: TLSv1, cipher: "ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1"
    2013/11/01 23:27:59 [debug] 16494#0: *240 reusable connection: 1

After searching online, the only reason that I can think of is SSL renegotiation, which according to some posts is still not supported by Safari. With other browsers I don't see any problem. Also, unitedwifi.com is a portal that I host on my VPN. Is there a way in nginx to disable renegotiation from the conf file? Any suggestions to fix this?

Nginx hasn't allowed renegotiation since 0.7.64 or 0.8.23. And I don't see any renegotiation in the debug log that you have provided.

http://nginx.org/en/CHANGES

Changes with nginx 0.8.23                                        11 Nov 2009

   *) Security: now SSL/TLS renegotiation is disabled.
      Thanks to Maxim Dounin.

Most likely, that certificate warning pop-up has nothing to do with nginx, but is related to the certificate itself.
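
As an added example (not part of the original question or answer), this Python sketch reads an nginx debug log per connection the way the answer does: `SSL_do_handshake: -1` followed by `SSL_get_error: 2` is only OpenSSL's "want read" retry, and the later `SSL_do_handshake: 1` is a completed handshake. The function name `summarize` and the renegotiation marker text are assumptions; check the marker against your own nginx build's log output.

```python
import re
from collections import defaultdict

# Constructed sample: the handshake lines from the question's debug log.
SAMPLE_LOG = """\
2013/11/01 23:27:59 [debug] 16494#0: *240 https ssl handshake: 0x16
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_do_handshake: -1
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_get_error: 2
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL handshake handler: 0
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_do_handshake: 1
2013/11/01 23:27:59 [debug] 16494#0: *240 reusable connection: 1
"""

# SSL_get_error() codes that only mean "retry when the socket is ready".
RETRY_CODES = {2: "SSL_ERROR_WANT_READ", 3: "SSL_ERROR_WANT_WRITE"}
# Assumed marker text for a renegotiation attempt; adjust for your nginx build.
RENEG_MARKER = "SSL renegotiation"

# "<date> <time> [level] pid#tid: *conn message"
LINE_RE = re.compile(r"\[\w+\] \d+#\d+: \*(\d+) (.*)$")


def summarize(log_text):
    """Return {connection_id: summary} for every connection in the log."""
    conns = defaultdict(lambda: {"completed": 0, "retries": 0,
                                 "other_errors": [], "renegotiation": False})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        conn, msg = conns[int(m.group(1))], m.group(2)
        if msg.startswith("SSL_do_handshake: "):
            # Return value 1 means the handshake finished successfully.
            conn["completed"] += int(msg.split(": ")[1]) == 1
        elif msg.startswith("SSL_get_error: "):
            code = int(msg.split(": ")[1])
            if code in RETRY_CODES:
                conn["retries"] += 1      # non-blocking I/O, not a failure
            else:
                conn["other_errors"].append(code)
        elif RENEG_MARKER in msg:
            conn["renegotiation"] = True
    return dict(conns)


if __name__ == "__main__":
    for conn_id, info in summarize(SAMPLE_LOG).items():
        print(f"*{conn_id}: {info}")
```

On the question's log this reports one completed handshake, one retry, no other errors and no renegotiation for connection `*240`.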
