Intermittent OpenSSL error with nginx on Ubuntu 14.04
I got intermittent SSL handshake errors in nginx:
2015/08/23 08:46:53 [info] 38013#0: *14817 ssl_do_handshake() failed (ssl: error:1408f119:ssl routines:ssl3_get_record:decryption failed or bad record mac) while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989
2015/08/23 09:24:15 [info] 38013#0: *27818 peer closed connection in ssl handshake while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989
The error rate is pretty low, 1 out of 10000 (based on errors and requests in the last 24 hours).
I upgraded nginx and OpenSSL to the latest version for 14.04.
dpkg -l | egrep "ssl|nginx"
ii libflac8:amd64 1.3.0-2 amd64 free lossless audio codec - runtime c library
ii libgnutls-openssl27:amd64 2.12.23-12ubuntu2.1 amd64 gnu tls library - openssl wrapper
ii libssl-dev:amd64 1.0.1f-1ubuntu2.15 amd64 secure sockets layer toolkit - development files
ii libssl1.0.0:amd64 1.0.1f-1ubuntu2.15 amd64 secure sockets layer toolkit - shared libraries
ii nginx 1.4.6-1ubuntu3.3 small, powerful, scalable web/proxy server
ii nginx-common 1.4.6-1ubuntu3.3 small, powerful, scalable web/proxy server - common files
ii nginx-core 1.4.6-1ubuntu3.3 amd64 nginx web/proxy server (core version)
ii openssl 1.0.1f-1ubuntu2.15 amd64 secure sockets layer toolkit - cryptographic utility
ii ssl-cert 1.0.33 simple debconf wrapper openssl
The client is SCVMM 2012 R2.
Does anyone know the cause of this?
After I disabled TLS 1.2, the SSL error is gone. Here is the configuration in nginx after the change:
ssl_protocols TLSv1 TLSv1.1;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
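
To measure how often each kind of handshake failure occurs and which clients produce it, the nginx error log can be tallied by failure reason and client address. The script below is an added example, not part of the original post; the sample lines are constructed from the log format shown above, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the log format quoted in the post (not real traffic).
# The third line is an unrelated message and must be ignored.
SAMPLE_LOG = """\
2015/08/23 08:46:53 [info] 38013#0: *14817 ssl_do_handshake() failed (ssl: error:1408f119:ssl routines:ssl3_get_record:decryption failed or bad record mac) while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989
2015/08/23 09:24:15 [info] 38013#0: *27818 peer closed connection in ssl handshake while ssl handshaking, client: 10.203.128.125, server: 0.0.0.0:5989
2015/08/23 09:30:02 [info] 38013#0: *27901 client closed connection while waiting for request, client: 192.0.2.7, server: 0.0.0.0:5989
"""

# Matches only entries logged during the TLS handshake phase.
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[\w+\] \d+#\d+: \*\d+ "
    r"(?P<msg>.*?) while ssl handshaking, client: (?P<client>[^,]+),",
    re.IGNORECASE,
)
# OpenSSL error tuple: error:<8 hex digits>:<library>:<function>:<reason>)
ERR_RE = re.compile(
    r"error:(?P<code>[0-9a-f]{8}):[^:]*:[^:]*:(?P<reason>[^)]+)\)",
    re.IGNORECASE,
)

def classify(msg):
    """Return 'CODE reason' for OpenSSL errors, else the raw nginx message."""
    m = ERR_RE.search(msg)
    if m:
        return f"{m.group('code').upper()} {m.group('reason').strip()}"
    return msg.strip()

def summarize(log_text):
    """Count handshake failures by reason and by client address."""
    by_reason, by_client = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a handshake-phase entry
        by_reason[classify(m.group("msg"))] += 1
        by_client[m.group("client")] += 1
    return by_reason, by_client

if __name__ == "__main__":
    reasons, clients = summarize(SAMPLE_LOG)
    for reason, n in reasons.most_common():
        print(n, reason)
    print(dict(clients))
```
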