Re: Intermittent SSL Handshake issues on Ubuntu 12.04 and Nginx

Maxim Dounin
April 20, 2015 01:44PM
Hello!

On Sun, Apr 19, 2015 at 06:08:35PM -0400, rPawel wrote:

> Hi Guys,
>
> I originally posted my issue on askubuntu, but I think this will be a better
> place:
>
> http://askubuntu.com/questions/611418/intermittent-ssl-handshake-issues-on-ubuntu-12-04-and-nginx.
>
> Original post
> --------------------------------
>
> # In simple terms
>
> I am having issues with https handshakes. I am currently using nginx but it
> is most likely not an nginx issue.
>
> # Behaviour
>
> Web clients such as browsers will sometimes present "SSL connection error"
> (Chrome)
>
> Apache benchmark will spit out several error lines and will report around
> 1-10% failures. Errors below will appear in random order but the first one
> is more common.
>
> (1) Benchmarking mysite.net (be patient)...SSL read failed (1) - closing connection
> 128494120003296:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:486:
>
> (2) SSL read failed (1) - closing connection
> 128494120003296:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1262:SSL alert number 20
>
> # Server setup
>
> Ubuntu:
>
> Ubuntu 12.04 64bit with all updates and patches installed, server restarted.
>
> Nginx:
>
> nginx/1.6.3 - from nginx.org (deb http://nginx.org/packages/ubuntu/ precise nginx)
>
> OpenSSL dynamically linked:
>
> # ldd `which nginx` | grep ssl
> libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007f3065569000)
>
> # strings /lib/x86_64-linux-gnu/libssl.so.1.0.0 | grep "^OpenSSL "
> OpenSSL 1.0.1 14 Mar 2012
>
> Nginx server config (with limited cyphers)
>
> OpenSSL:
>
> 1.0.1 14 Mar 2012
>
> # dpkg -s libssl1.0.0
> Version: 1.0.1-4ubuntu5.25

This looks similar to this ticket (turned out to be a bug in
OpenSSL, see comments for details):

http://trac.nginx.org/nginx/ticket/215

Try upgrading to OpenSSL 1.0.1h or newer to see if it helps.
Alternatively, make sure the OpenSSL package you are using
includes the fix in question.

[...]

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
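
The check the reply asks for, as an added example (not part of the original thread and not nginx or OpenSSL tooling): it parses the banner printed by the `strings ... | grep "^OpenSSL "` command quoted above and compares it with the 1.0.1h threshold from the reply. The function names `banner_version`, `version_key` and `assess` are hypothetical, and the second banner is a constructed sample.

```shell
#!/bin/sh
# Added example. MIN_FIXED is the threshold named in the reply.
MIN_FIXED="1.0.1h"

# Pull the version token out of a banner such as "OpenSSL 1.0.1 14 Mar 2012".
banner_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p'
}

# Turn "1.0.1h" into a fixed-width key "001000001008" that compares numerically.
# Pre-3.0 OpenSSL letters are patch levels: a=1 ... z=26, "za"=27, and so on.
version_key() {
    nums=${1%%[a-z]*}            # numeric part, e.g. "1.0.1"
    letters=${1#"$nums"}         # letter suffix, e.g. "h" (may be empty)
    patch=0
    while [ -n "$letters" ]; do
        c=${letters%"${letters#?}"}                       # first letter
        letters=${letters#?}
        patch=$((patch + $(printf '%d' "'$c") - 96))      # 'a' is ASCII 97
    done
    old_ifs=$IFS; IFS=.
    set -- $nums                 # split the numeric part on dots
    IFS=$old_ifs
    printf '%03d%03d%03d%03d\n' "${1:-0}" "${2:-0}" "${3:-0}" "$patch"
}

# assess BANNER prints one of:
#   fixed-upstream  banner version is >= MIN_FIXED
#   check-package   banner is older; a distro build may still carry a
#                   backported fix, so the package changelog has to be read
#   unknown         no OpenSSL banner found in the input
assess() {
    v=$(banner_version "$1")
    [ -n "$v" ] || { echo unknown; return; }
    if [ "$(version_key "$v")" -ge "$(version_key "$MIN_FIXED")" ]; then
        echo fixed-upstream
    else
        echo check-package
    fi
}

# Banner quoted in the thread, then a constructed newer banner for contrast.
assess "OpenSSL 1.0.1 14 Mar 2012"
assess "OpenSSL 1.0.1k 8 Jan 2015"   # constructed sample
```

A `check-package` result corresponds to the second half of the reply: the banner of a distribution build such as `1.0.1-4ubuntu5.25` does not change when fixes are backported, so the package changelog is what shows whether the fix is included.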