Welcome! Log In Create A New Profile

Advanced

Peer closed connection in SSL handshake

June 14, 2017 09:59AM
Hello.
I want to authenticate my server using certificates on my hardware.

I have created a private certificate with openssl and have completed the connection test without errors in the browser.


This is the setting for nginx.

server {
listen 14443;
listen [::]:14443;
ssl on;
ignore_invalid_headers off;
proxy_ssl_server_name on;
server_name cert.mydomain.com;

root /var/service/auth;
index index.html;

#include /etc/nginx/mime.types;

error_log /var/log/nginx/auth_ssl_err.log debug;
access_log /var/log/nginx/auth_ssl_acc.log;

ssl_certificate /etc/nginx/ssl/private/server.crt;
ssl_certificate_key /etc/nginx/ssl/private/server_key.pem;
ssl_client_certificate /etc/nginx/ssl/private/ca.crt;
ssl_verify_client on;
ssl_verify_depth 2;
ssl_session_cache shared:SSL:5m;
ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;

if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
return 405;
}

location / {
proxy_pass http://localhost:8880;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header cert-expire $ssl_client_v_end;
proxy_set_header cert-dn $ssl_client_s_dn;
proxy_redirect default;
}
}

I get an error when I connect to the server with a user certificate (crt file) on my hardware.

Peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 222.110.133.193, server: 0.0.0.0:14001

Please help me with what is wrong.
Subject Author Posted

Peer closed connection in SSL handshake

tory June 14, 2017 09:59AM

Re: Peer closed connection in SSL handshake

tory June 16, 2017 03:25AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 101
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready