Problems with nginx accepting tls connections

February 29, 2016 01:06PM
Apologies if this is not solely connected to nginx, but I think I've narrowed it down to the connection with nginx, and how it is handling TLS connections. I'm attempting to set up nginx to receive connections from an Amazon Dash button (using information from http://blog.nemik.net/2015/08/dash-button-corral/). Using Ubuntu 14.04 and nginx 1.4.6 this setup is working correctly: the dash connects to my server, they exchange keys (although the key my server sends is not the one that the dash is expecting, it doesn't actually check this), and then the dash connects to the page 2/b on my server, and everything is great. I recently upgraded to Ubuntu 15.10 with nginx 1.9.3 and something is going wrong with the TLS/SSL connection. With the same setup, my server appropriately responds to the page 2/b if I get or put there manually (from a browser, etc.) but the dash is never able to connect.

I've run ssldump on both setups, and it looks like on nginx 1.9.3 the connection never gets further than ServerHelloDone before the TCP FINs are sent from client to server and server to client; no client key is exchanged, and no data is exchanged (I've added output from ssldump with each below). Is this an nginx configuration issue? Is there any way I can configure nginx/openssl so that these connections can go through like they did with previous setups?

I'm happy to provide more detailed configuration, log files, or other information if needed. Thank you in advance for your help.


With nginx 1.9.3 (192.168.1.140 is the dash button, 192.168.1.21 is my server with nginx 1.9.3 on it):
New TCP connection #50: 192.168.1.140(30004) <-> 192.168.1.21(443)
50 1 0.0090 (0.0090) C>SV3.1(49) Handshake
ClientHello
Version 3.1
random[32]=
00 00 37 5d 36 36 15 9d 59 8d da 1e ad f7 90 d7
a0 32 bd b9 c0 6f 58 6b cd 3f a0 5a a0 76 91 ca
cipher suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
50 2 0.0094 (0.0004) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
87 08 53 95 a3 9e 1b 7b f0 a8 56 cd f8 2b cc 03
94 27 3e 0e 8f 84 63 3c f5 03 e9 94 d2 1d f2 a4
session_id[32]=
d1 2b 21 f6 f6 e0 16 7b a2 a1 69 ef 18 df 3f d5
e5 50 2e bb c4 c7 b2 5d f1 b7 9c 12 5b 4b ca d1
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
50 3 0.0094 (0.0000) S>CV3.1(704) Handshake
Certificate
certificate[694]=
[removed for brevity]
50 4 0.0094 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
50 0.0271 (0.0176) C>S TCP FIN
50 0.0274 (0.0002) S>C TCP FIN


With nginx 1.4.6 (192.168.1.140 is the dash button, 192.168.1.20 is my server with nginx 1.4.6 on it):
New TCP connection #4: 192.168.1.140(30003) <-> 192.168.1.20(443)
4 1 0.0081 (0.0081) C>SV3.1(49) Handshake
ClientHello
Version 3.1
random[32]=
00 00 34 dc c4 e3 62 d2 26 84 1e 82 be 3a 75 f3
2a c9 cf 82 f9 3d ad d8 1e 6b 5f 63 40 9f 0e 9c
cipher suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
4 2 0.0084 (0.0003) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
20 fd 68 07 d1 e3 63 0a cf 39 b4 f8 65 e9 25 ed
09 9f c4 d9 c4 0d f2 b6 f0 82 2b f8 d9 ea 1a 3f
session_id[32]=
ea 25 8c fd 61 66 92 25 44 fb f0 74 7c 2a 4b bc
d6 76 8b 05 16 ed 4a ee 84 0b 0c 74 7f 23 b9 de
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
4 3 0.0084 (0.0000) S>CV3.1(704) Handshake
Certificate
certificate[694]=
[removed for brevity]
4 4 0.0084 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
4 5 0.0548 (0.0463) C>SV3.1(262) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[256]=
[removed for brevity]
4 6 0.0561 (0.0013) C>SV3.1(1) ChangeCipherSpec
4 7 0.0561 (0.0000) C>SV3.1(48) Handshake
4 8 0.0617 (0.0056) S>CV3.1(1) ChangeCipherSpec
4 9 0.0617 (0.0000) S>CV3.1(48) Handshake
4 10 0.0645 (0.0027) C>SV3.1(96) application_data
4 11 0.0647 (0.0001) C>SV3.1(64) application_data
4 12 0.0648 (0.0001) S>CV3.1(240) application_data
4 13 0.0653 (0.0004) C>SV3.1(112) application_data
4 14 0.0656 (0.0003) C>SV3.1(48) application_data
4 0.0658 (0.0001) S>C TCP FIN
4 0.0745 (0.0087) C>S TCP FIN
jonkeane February 29, 2016 01:06PM
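
Added example (not part of the original post, nginx or ssldump): a small Python parser for ssldump text in the format shown above that reports, per connection, the last cleartext handshake message seen and which side sent the first TCP FIN. The names `summarize` and `verdict` are hypothetical, and the sample input is abbreviated from the two traces in the post.

```python
import re

# ssldump record line: "<conn> <seq> <time> (<delta>) C>SV3.1(49) Handshake"
RECORD = re.compile(r"^(\d+) \d+ [\d.]+ \([\d.]+\) ([CS])>[CS]\s*V[\d.]+\(\d+\) (\w+)")
# ssldump close line: "<conn> <time> (<delta>) C>S TCP FIN"
FIN = re.compile(r"^(\d+) [\d.]+ \([\d.]+\) ([CS])>[CS] TCP FIN")
MESSAGES = {"ClientHello", "ServerHello", "Certificate", "ServerHelloDone", "ClientKeyExchange"}

def summarize(dump):
    """Per connection: last cleartext handshake message, CCS senders, data records, first FIN."""
    conns, cur = {}, None
    for raw in dump.splitlines():
        line = " ".join(raw.split())  # tolerate ssldump's indentation and column padding
        rec, fin = RECORD.match(line), FIN.match(line)
        if rec:
            cur = conns.setdefault(rec.group(1), {"last": None, "ccs": set(), "data": 0, "fin": None})
            if rec.group(3) == "ChangeCipherSpec":
                cur["ccs"].add(rec.group(2))
            elif rec.group(3) == "application_data":
                cur["data"] += 1
        elif fin and fin.group(1) in conns:
            conns[fin.group(1)]["fin"] = conns[fin.group(1)]["fin"] or fin.group(2)
        elif cur is not None and line in MESSAGES:
            cur["last"] = line  # message name printed under the Handshake record
    return conns

def verdict(c):
    if c["ccs"] == {"C", "S"}:  # both sides switched to the negotiated cipher
        return f"handshake completed, {c['data']} application_data records"
    side = {"C": "client", "S": "server", None: "neither side"}[c["fin"]]
    return f"stalled after {c['last']}; {side} sent FIN first"

# Records abbreviated from the two traces in the post (hex bodies omitted).
SAMPLE = """\
50 4 0.0094 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
50 0.0271 (0.0176) C>S TCP FIN
50 0.0274 (0.0002) S>C TCP FIN
4 5 0.0548 (0.0463) C>SV3.1(262) Handshake
ClientKeyExchange
4 6 0.0561 (0.0013) C>SV3.1(1) ChangeCipherSpec
4 8 0.0617 (0.0056) S>CV3.1(1) ChangeCipherSpec
4 10 0.0645 (0.0027) C>SV3.1(96) application_data
4 0.0658 (0.0001) S>C TCP FIN
"""

if __name__ == "__main__":
    for conn, state in summarize(SAMPLE).items():
        print(conn, verdict(state))
```

On the traces in the post this reports connection 50 as stalled after ServerHelloDone with the client closing first, and connection 4 as a completed handshake.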


