Welcome! Log In Create A New Profile

Advanced

Re: Bug re: openssl-1.0.1

Peter Fraser
January 06, 2015 05:48PM
Hi. Thanks for replying.
I read it in two places. Here are the links.
1.
http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server
2.
http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/

The full error is this: *peer closed connection in SSL handshake while SSL
handshaking, client: <client_IP>, server: <Server_FQDN> request: "POST
/Microsoft-Server-ActiveSync?Cmd=Ping&User=<domain>%5C<user_name>&DeviceId=SEC090121863242D&DeviceType=SAMSUNGSMT800
HTTP/1.1", upstream:
"https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=
https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=<DOMAIN>%5C<USER_NAME>&DeviceId=SAMSUNGSGHI337",
host: "<SERVER_FQDN>"*

produced with debugging enabled.


If I run *openssl s_client -connect <SERVER_IP:443* I get:
CONNECTED(00000003)
675508300:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

If I run

*openssl s_client -connect <SERVER_IP:443 -SSL3 the connection works but it
won't work from nginx even when I enable SSLv3.*

*Hope I provided enough info. If not please let me know.*





On Tue, Jan 6, 2015 at 5:09 PM, Lukas Tribus <luky-37@hotmail.com> wrote:

> > Hi All
> > I'm trying to use nginx to also proxy to owa. I am getting the error
> > peer closed connection in SSL handshake while SSL handshaking to upstream
> >
> > I have read that this is due to a bug and that the solution is to
> > downgrade to openssl 1.0
>
> Where did you read that? From the information you provided, there
> is no way to understand the issue here at all.
>
> Reproduce this with nginx in debug mode, post the output and better
> yet, post an ssldump sample of the failed handshake as well.
>
>
>
> Lukas
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

Bug re: openssl-1.0.1

Peter Fraser January 06, 2015 04:40PM

RE: Bug re: openssl-1.0.1

Lukas Tribus January 06, 2015 05:10PM

Re: Bug re: openssl-1.0.1

Peter Fraser January 06, 2015 05:48PM

RE: Bug re: openssl-1.0.1

Lukas Tribus January 06, 2015 07:58PM

RE: Bug re: openssl-1.0.1

Lukas Tribus January 06, 2015 08:14PM

Re: Bug re: openssl-1.0.1

Peter Fraser January 12, 2015 12:22PM

RE: Bug re: openssl-1.0.1

Lukas Tribus January 12, 2015 12:58PM

Re: Bug re: openssl-1.0.1

Peter Fraser January 12, 2015 04:20PM

Re: Bug re: openssl-1.0.1

Peter Fraser January 12, 2015 11:00AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 338
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 466 on July 09, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready