Hi. Thanks for replying.
I read it in two places. Here are the links.
1.
http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server
2.
http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/
The full error is this: *peer closed connection in SSL handshake while SSL
handshaking, client: <client_IP>, server: <Server_FQDN> request: "POST
/Microsoft-Server-ActiveSync?Cmd=Ping&User=<domain>%5C<user_name>&DeviceId=SEC090121863242D&DeviceType=SAMSUNGSMT800
HTTP/1.1", upstream:
"https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=
https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=<DOMAIN>%5C<USER_NAME>&DeviceId=SAMSUNGSGHI337",
host: "<SERVER_FQDN>"*
produced with debugging enabled.
If I run *openssl s_client -connect <SERVER_IP:443* I get:
CONNECTED(00000003)
675508300:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
If I run
*openssl s_client -connect <SERVER_IP:443 -SSL3 the connection works but it
won't work from nginx even when I enable SSLv3.*
*Hope I provided enough info. If not please let me know.*
On Tue, Jan 6, 2015 at 5:09 PM, Lukas Tribus <luky-37@hotmail.com> wrote:
> > Hi All
> > I'm trying to use nginx to also proxy to owa. I am getting the error
> > peer closed connection in SSL handshake while SSL handshaking to upstream
> >
> > I have read that this is due to a bug and that the solution is to
> > downgrade to openssl 1.0
>
> Where did you read that? From the information you provided, there
> is no way to understand the issue here at all.
>
> Reproduce this with nginx in debug mode, post the output and better
> yet, post an ssldump sample of the failed handshake as well.
>
>
>
> Lukas
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx