Welcome! Log In Create A New Profile

Advanced

Re: Setting the SSL protocol used on proxy_pass?

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
December 30, 2014 06:28PM
Hello!

On Tue, Dec 30, 2014 at 09:44:17AM +0000, Edward Hibbert wrote:

> I am trying to set up a reverse proxy which handles SSL. This is my first
> time, so I may be doing something stupid.
>
> On the NGINX which is acting as a proxy I get this:
>
> SSL_do_handshake() failed (SSL: error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to
> upstream,
>
> On the NGINX which is upstream I am configured to only accept TLS, because
> of recent SSL security problems.
>
> ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
>
> I would guess that the problem here is that NGINX is opening the proxy
> connection using the wrong SSL protocol. Is there a way to control which
> protocol it uses for the proxy connection?

There is the "proxy_ssl_protocols" directive to control which
protocols are allowed while connecting to upstream HTTPS servers,
see http://nginx.org/r/proxy_ssl_protocols for details. By
default it allows SSLv3 and above, so it should be fine with the
ssl_protocols you configured. The message you are seeing may
appear if you've accidentally set "proxy_ssl_protocols SSLv3"
though.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Setting the SSL protocol used on proxy_pass?

Edward Hibbert December 30, 2014 04:46AM

Re: Setting the SSL protocol used on proxy_pass?

Maxim Dounin December 30, 2014 06:28PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 146
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready