Welcome! Log In Create A New Profile

Advanced

Reverse proxy TLS 1.3 on back end, how to?

Posted by Nephilimi 
Reverse proxy TLS 1.3 on back end, how to?
May 11, 2022 09:05AM
Problem; with Nginx configured as a reverse proxy to a TLS 1.3 back end I get a 502 bad gateway error from clients connecting to the proxy and Nginx error log fills with this;

2022/05/11 08:41:34 [error] 28335#28335: *296 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: xx.xx.xx.xx, server: something.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://xx.xx.xx.xx:443/favicon.ico", host: "something.example.com", referrer: "https://something.example.com/"

I already know if I allow TLS1.2 on the back end web server everything works.

I tried adding this to my reverse proxy configuration in the "server {" statement
proxy_ssl_protocol TLSv1.2 TLSv1.3;

That gets me this;

sudo nginx -t
nginx: [emerg] unknown directive "proxy_ssl_protocol" in /etc/nginx/sites-enabled/example.conf:21
nginx: configuration file /etc/nginx/nginx.conf test failed


I tried adding that to my server.conf in the "http {" section which gets me this error

sudo nginx -t
nginx: [emerg] unknown directive "proxy_ssl_protocol" in /etc/nginx/nginx.conf:36
nginx: configuration file /etc/nginx/nginx.conf test failed

Is that even the right statement? If so where do I put it?
Re: Reverse proxy TLS 1.3 on back end, how to?
May 11, 2022 12:57PM
proxy_ssl_protocols NOT proxy_ssl_protocol
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 76
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready