Intermittent OpenSSL error with nginx on Ubuntu 14.04


I got intermittent SSL handshake errors in nginx:

2015/08/23 08:46:53 [info] 38013#0: *14817 ssl_do_handshake() failed (ssl: error:1408f119:ssl routines:ssl3_get_record:decryption failed or bad record mac) while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989
2015/08/23 09:24:15 [info] 38013#0: *27818 peer closed connection in ssl handshake while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989

The error rate is pretty low, 1 out of 10000 (based on the errors and requests in the last 24 hours).

I upgraded nginx and OpenSSL to the latest version for 14.04.

dpkg -l | egrep "ssl|nginx"
ii  libflac8:amd64                   1.3.0-2                               amd64        free lossless audio codec - runtime c library
ii  libgnutls-openssl27:amd64        2.12.23-12ubuntu2.1                   amd64        gnu tls library - openssl wrapper
ii  libssl-dev:amd64                 1.0.1f-1ubuntu2.15                    amd64        secure sockets layer toolkit - development files
ii  libssl1.0.0:amd64                1.0.1f-1ubuntu2.15                    amd64        secure sockets layer toolkit - shared libraries
ii  nginx                            1.4.6-1ubuntu3.3                               small, powerful, scalable web/proxy server
ii  nginx-common                     1.4.6-1ubuntu3.3                               small, powerful, scalable web/proxy server - common files
ii  nginx-core                       1.4.6-1ubuntu3.3                      amd64        nginx web/proxy server (core version)
ii  openssl                          1.0.1f-1ubuntu2.15                    amd64        secure sockets layer toolkit - cryptographic utility
ii  ssl-cert                         1.0.33                                         simple debconf wrapper openssl

The client is SCVMM 2012 R2.

Does anyone know the cause of this?

After I disabled TLS 1.2, the SSL error is gone. Here is the configuration in nginx after the change:

ssl_protocols TLSv1 TLSv1.1;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
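
Added example, not part of the original post: one way to measure a handshake failure rate like the one quoted above is to tally nginx error-log entries logged "while SSL handshaking" by client and OpenSSL reason. The function name, the request total and the sample lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# nginx error-log entry raised during the TLS handshake phase.
# Case-insensitive, so it accepts nginx's native casing as well as the
# lowercased lines quoted in the post.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] "
    r"\d+#\d+: \*\d+ (?P<msg>.*?) while ssl handshaking, "
    r"client: (?P<client>[^,\s]+), server: (?P<server>\S+)",
    re.IGNORECASE,
)
# OpenSSL error-queue entry: error:<hex code>:<library>:<function>:<reason>
OSSL_RE = re.compile(
    r"error:(?P<code>[0-9a-f]{8}):[^:]*:[^:]*:(?P<reason>[^)]+)", re.IGNORECASE
)

def summarize(lines, total_requests=None):
    """Count handshake failures per (client, reason); rate is None without a total."""
    by_cause = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a handshake-phase entry
        ossl = OSSL_RE.search(m["msg"])
        if ossl:
            reason = f"{ossl['code'].upper()} {ossl['reason'].strip()}"
        else:
            reason = m["msg"].strip()  # e.g. peer closed the connection
        by_cause[(m["client"], reason)] += 1
    failures = sum(by_cause.values())
    rate = failures / total_requests if total_requests else None
    return by_cause, failures, rate

SAMPLE = [
    # The two entries quoted in the post, as they appear there
    "2015/08/23 08:46:53 [info] 38013#0: *14817 ssl_do_handshake() failed (ssl: error:1408f119:ssl routines:ssl3_get_record:decryption failed or bad record mac) while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989",
    "2015/08/23 09:24:15 [info] 38013#0: *27818 peer closed connection in ssl handshake while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989",
    # Constructed: same failure in nginx's native casing
    "2015/08/23 10:02:41 [info] 38013#0: *30112 SSL_do_handshake() failed (SSL: error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) while SSL handshaking, client: 10.203.128.125, server: 0.0.0.0:5989",
    # Constructed: unrelated entry that must be ignored
    '2015/08/23 10:05:00 [error] 38013#0: *30200 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.203.128.125, server: localhost',
]

if __name__ == "__main__":
    causes, failures, rate = summarize(SAMPLE, total_requests=30000)  # total is constructed
    for (client, reason), n in causes.most_common():
        print(f"{n:4d}  {client}  {reason}")
    print(f"failures={failures} rate={rate:.6f}")
```

These entries are logged at [info] level, so the error_log directive has to be set to info (or debug) for them to appear at all.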
