RE: NGINX proxy, 502 error while SSL handshaking to upstream

Juan Matías
March 05, 2014 10:00AM

On Tue, Feb 25, 2014 at 04:34:34PM +0100, Juan Matías wrote:

> Hello everyone, I'm new here and this is my first post in this mailing list,
>
> Maybe this is a frequently answered question but I couldn't find a solution.
> Maybe it is a "layer 8" issue.
>
> Right now, I have an Nginx (1.0.8) proxy running on Ubuntu 10.04 32-bit,
> OpenSSL 0.9.8, doing an https upstream on port 33195. Here is a piece of the
> nginx.conf file:
>
> ......
> location /external_services {
>     proxy_pass https://x.x.x.x:33195/external_service;
>     allow x.x.x.x;
>     deny all;
> }
> ......
>
> It is working, but I need to migrate this proxy to a new server. This new
> server runs Ubuntu 12.04, OpenSSL 1.0.1 and Nginx 1.5.10.
>
> This server receives an http://myproxy/external_services request and proxies
> it to https://x.x.x.x:33195/external_service; (http to https)
>
> When I try to access http://myproxy/external_services on the new server, I
> get a 502 error and I see this message in error.log:
>
> "peer closed connection in SSL handshake while SSL handshaking to
> upstream"
>
> I found that I can connect (from the proxy server) to
> https://x.x.x.x:33195/external_service using openssl, doing this:
>
> $ openssl s_client -connect
>
> I tried to disable TLSv1.1 in Nginx using the directive: ssl_protocols
> SSLv3 TLSv1; but nothing changed.

You have to use proxy_ssl_protocols, not ssl_protocols. See

The proxy_ssl_ciphers directive may help, too, depending on what
exactly triggers the problem on your backend.

Maxim Dounin
http://nginx.org/

Thanks Maxim Dounin for the answer.
I tried that but it did not work.

I tried using directives in the nginx config file but the issue continues. I
can't be sure, but it looks like Nginx was using TLSv1.1 or 1.2 anyway and the
SSL handshake failed. And I didn't find a way to disable this version of
the protocol.

So I fixed the problem by compiling nginx (1.0.15) from source using OpenSSL
0.9.8e. This version of OpenSSL doesn't support TLSv1.1. And that works. I
have no option; the provider that I'm dealing with doesn't support TLSv1.1
and they are not going to update their service.
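
An added example, not part of the thread or of nginx itself: a small Python check for the mix-up Maxim points out, listing each block that proxies to an https:// upstream and whether proxy_ssl_protocols (rather than only ssl_protocols) is in effect for it. The sample config is constructed from the one quoted above, the /pinned location is hypothetical, and the tokenizer is simplified (no quoted strings, no include files).

```python
import re

# Constructed sample modelled on the thread's config; /pinned is a hypothetical addition.
SAMPLE = """
http {
    server {
        ssl_protocols SSLv3 TLSv1;   # client-facing TLS only
        location /external_services {
            proxy_pass https://x.x.x.x:33195/external_service;
        }
        location /pinned {
            proxy_ssl_protocols TLSv1;
            proxy_pass https://x.x.x.x:33195/external_service;
        }
    }
}
"""

def inherited(block, name):  # nearest definition, walking outward through enclosing blocks
    while block and name not in block["d"]:
        block = block["parent"]
    return block["d"][name] if block else None

def audit(conf):
    """List each block that proxies to https:// with its effective upstream TLS setting."""
    conf = re.sub(r"#[^\n]*", "", conf)   # simplification: '#' never appears inside a value
    cur = {"name": "main", "d": {}, "parent": None}
    blocks, words = [], []
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == "{":                    # the words collected so far name the new block
            cur = {"name": " ".join(words), "d": {}, "parent": cur}
            blocks.append(cur)
        elif tok == "}":
            cur = cur["parent"]
        elif tok == ";" and words:        # simple directive: name followed by arguments
            cur["d"][words[0]] = words[1:]
        words = [] if tok in ("{", "}", ";") else words + [tok]
    report = []
    for b in blocks:
        target = (b["d"].get("proxy_pass") or [""])[0]
        if target.startswith("https://"):
            protos = inherited(b, "proxy_ssl_protocols")
            status = ("pinned" if protos else
                      "ssl_protocols-only" if inherited(b, "ssl_protocols") else "default")
            report.append(dict(block=b["name"], upstream=target, protocols=protos, status=status))
    return report

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

A status of "ssl_protocols-only" marks a location where the protocol list applies only to connections from clients, so the upstream handshake still uses nginx's defaults.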
