Welcome! Log In Create A New Profile

Advanced

Re: SSL handshake attack mitigation

Sergey Kandaurov
November 07, 2019 07:12AM
> On 6 Nov 2019, at 22:41, mogwai <nginx-forum@forum.nginx.org> wrote:
>
> My first question is regarding the particular error log messages produced
> during the attack - see example below:
>
> [info] 8050#8050: *146 SSL_do_handshake() failed (SSL: error:14094416:SSL
> routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number
> 46) while SSL handshaking, client: XXX.XXX.XXX.XXX, server: 0.0.0.0:443
>
> The "certificate unknown" seems to suggest that nginx is trying to verify
> the certificate of the client, yet "ssl_verify_client" should be off by
> default, so why does nginx care about that certificate?

That's opposite: nginx received a certificate_unknown alert message
from a client for some reason while in handshake.

--
Sergey Kandaurov

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

SSL handshake attack mitigation

mogwai November 06, 2019 02:41PM

Re: SSL handshake attack mitigation

gariac November 06, 2019 03:24PM

Re: SSL handshake attack mitigation

Sergey A. Osokin November 06, 2019 03:36PM

Re: SSL handshake attack mitigation

Sergey Kandaurov November 07, 2019 07:12AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 130
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready