
Re: nginx 1.17.3 and TLSv1.3

Maxim Dounin
August 16, 2019 02:34PM

On Fri, Aug 16, 2019 at 02:15:22PM -0400, benztoy wrote:

> I want to run two nginx services on one host. They are nginxA and nginxB.
> nginxA is listening on HTTPS port 443. Only the TLSv1.3 protocol is available.
> The configuration file is as follows:


>     server {
>         listen 443 ssl;
>         server_name localhost;
>         ssl_certificate cert.pem;
>         ssl_certificate_key cert.key;
>         ssl_session_cache shared:SSL:1m;
>         ssl_session_timeout 5m;
>         ssl_protocols TLSv1.3;

So only TLSv1.3 is enabled on the 443 port.


> location / {
> proxy_pass;
> proxy_ssl_session_reuse off;
> }

And no proxy_ssl_protocols set for proxying, so it only has TLSv1,
TLSv1.1, and TLSv1.2 enabled by default.


> But when I visit
> Return to 502 Bad Gateway
> Among them, nginx serving port 444 has error.log:
> SSL_do_handshake() failed (SSL: error:1409442E:SSL
> routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70)
> while SSL handshaking to upstream, client:, server: localhost,
> request: "GET / HTTP/1.1 ", upstream: "", host:
> ""
> Dear friends, What is the reason for this?
> My first service ssl protocol version of nginxA must be TLSv1.3 only. There
> is no other lower version. Can I successfully access
> by modifying the nginxA or nginxB configuration file?

The problem is that you are trying to connect to a TLSv1.3-only
port by using the proxy not configured to use TLSv1.3. You have
to enable TLSv1.3 in your proxy configuration, something like:

    proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

should work. See http://nginx.org/r/proxy_ssl_protocols for
additional details.

Maxim Dounin
nginx mailing list
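
The mismatch diagnosed in the reply above can be checked before deployment by comparing the protocol set a listener accepts with the set a proxy offers. The following is an added example, not part of the original thread or of nginx itself. The config snippets are constructed, the proxy_pass address is a placeholder for the URL missing from the post, and the parser assumes one server block per snippet and the same unset default for ssl_protocols as the reply gives for proxy_ssl_protocols.

```python
import re

# Protocols enabled when the directive is absent. The reply above gives this
# default for proxy_ssl_protocols; ssl_protocols is assumed to share it here.
DEFAULT = frozenset({"TLSv1", "TLSv1.1", "TLSv1.2"})

def protocols(conf, name):
    """Arguments of the last `name ...;` directive in conf, or DEFAULT if unset."""
    # Anchoring at line start keeps "ssl_protocols" from matching inside
    # "proxy_ssl_protocols" and skips commented-out lines.
    hits = re.findall(r"(?m)^\s*" + re.escape(name) + r"\s+([^;#]+);", conf)
    return frozenset(hits[-1].split()) if hits else DEFAULT

def check_pair(listener_conf, proxy_conf):
    """Compare what the TLS listener accepts with what the proxy will offer."""
    accepted = protocols(listener_conf, "ssl_protocols")
    offered = protocols(proxy_conf, "proxy_ssl_protocols")
    common = accepted & offered
    # No shared version means the upstream handshake cannot complete and
    # the client of the proxy sees 502 Bad Gateway.
    return {"accepted": sorted(accepted), "offered": sorted(offered),
            "common": sorted(common), "handshake_possible": bool(common)}

# Constructed sample: nginxA, TLSv1.3 only, as in the question.
NGINX_A = """
server {
    listen 443 ssl;
    ssl_protocols TLSv1.3;
}
"""

# Constructed sample: nginxB before the fix (no proxy_ssl_protocols).
NGINX_B_BEFORE = """
server {
    listen 444 ssl;
    location / {
        proxy_pass https://127.0.0.1:443;  # placeholder upstream address
        proxy_ssl_session_reuse off;
    }
}
"""

# Constructed sample: nginxB with the directive suggested in the reply.
NGINX_B_AFTER = NGINX_B_BEFORE.replace(
    "proxy_ssl_session_reuse off;",
    "proxy_ssl_session_reuse off;\n"
    "        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;")

if __name__ == "__main__":
    print("before:", check_pair(NGINX_A, NGINX_B_BEFORE))
    print("after: ", check_pair(NGINX_A, NGINX_B_AFTER))
```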