SSL Handshake Errors

November 19, 2020 01:28PM
Hi - We are using Nginx as a reverse proxy with SSL as a termination point

Call flow

Network Load Balancer (TCP) --> Nginx(SSL Termination) --> Vertx Servers (HTTP)

This is the config we use, fairly standard

upstream xyz {
    server 127.0.0.1:8080;
    keepalive 4096;
}

server {
    listen 80;
    listen 443 ssl;
    ssl_certificate /etc/ssl/certs/bundle.crt;
    ssl_certificate_key /etc/ssl/private/nginx-digicert.key;
    # ssl_handshake_timeout 10s;
    ssl_session_cache shared:SSL:20m;
    ssl_session_timeout 4h;
    # ssl_handshake_timeout 30s;
    server_name _;
    root /usr/share/nginx/html;
    access_log /var/log/nginx/raps-access.log timed_combined buffer=8k flush=1m;
    #access_log off;

    # log at info level and above
    error_log /var/log/nginx/raps-error.log info;

    location / {
        proxy_pass http://xyz;
        proxy_pass_request_headers on;
        proxy_ssl_server_name on;
        proxy_http_version 1.1;
        proxy_ssl_session_reuse on;
        proxy_set_header Host $host;
        proxy_set_header Connection "";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}


We see a lot of SSL handshake errors

2020/11/19 18:28:08 [info] 5784#0: *5771518 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.196, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5786#0: *5771519 peer closed connection in SSL handshake while SSL handshaking, client: 158.85.210.39, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771520 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.201, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5786#0: *5771521 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.198, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771522 peer closed connection in SSL handshake while SSL handshaking, client: 169.54.155.4, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771524 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.202, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5784#0: *5771525 peer closed connection in SSL handshake while SSL handshaking, client: 158.85.210.39, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5784#0: *5771527 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.212, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5786#0: *5771528 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.202, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5783#0: *5771526 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.212, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771529 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.204, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771530 peer closed connection in SSL handshake while SSL handshaking, client: 169.54.155.82, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771531 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.216, server: 0.0.0.0:443
2020/11/19 18:28:08 [info] 5785#0: *5771533 peer closed connection in SSL handshake while SSL handshaking, client: 169.53.151.201, server: 0.0.0.0:443



Mostly this code


2020/11/19 18:15:00 [debug] 5525#0: *5703427 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703640 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5525#0: *5703079 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5525#0: *5702872 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703173 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703406 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703705 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703764 SSL_get_error: 5
2020/11/19 18:15:00 [debug] 5524#0: *5703765 SSL_get_error: 5
2020/11/19 18:15:00 [debug] 5525#0: *5703766 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5525#0: *5703632 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703406 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5523#0: *5703177 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5523#0: *5703357 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5524#0: *5703173 SSL_get_error: 2
2020/11/19 18:15:00 [debug] 5523#0: *5703627 SSL_get_error: 2


Please share your experience or thoughts asap
sachingp November 19, 2020 01:28PM
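
A triage sketch for the two kinds of log lines quoted in the post, added here as an example and not part of the original post: it tallies "peer closed connection in SSL handshake" entries per client and decodes the `SSL_get_error` values using OpenSSL's constants, where 2 is `SSL_ERROR_WANT_READ` (a retry signal, not a failure) and 5 is `SSL_ERROR_SYSCALL`. The sample lines are constructed with documentation-range addresses; `summarize` and the other names are hypothetical.

```python
import re
from collections import Counter

# OpenSSL SSL_get_error() return codes, as defined in openssl/ssl.h.
SSL_ERROR_NAMES = {
    0: "SSL_ERROR_NONE", 1: "SSL_ERROR_SSL", 2: "SSL_ERROR_WANT_READ",
    3: "SSL_ERROR_WANT_WRITE", 4: "SSL_ERROR_WANT_X509_LOOKUP",
    5: "SSL_ERROR_SYSCALL", 6: "SSL_ERROR_ZERO_RETURN",
}
# NONE is success; WANT_* means "call again when the socket is ready".
NON_FAILURE = {0, 2, 3, 4}

CLOSED_RE = re.compile(
    r"\[info\] \d+#\d+: \*\d+ peer closed connection in SSL handshake"
    r".*?client: (?P<client>[^,]+), server:")
ERR_RE = re.compile(r"\[debug\] \d+#\d+: \*\d+ SSL_get_error: (?P<code>\d+)")

# Constructed sample lines in the format shown in the post (not real data).
_TAIL = " while SSL handshaking, client: {}, server: 0.0.0.0:443"
SAMPLE = [
    "2020/11/19 18:28:08 [info] 100#0: *1 peer closed connection in SSL handshake" + _TAIL.format("192.0.2.10"),
    "2020/11/19 18:28:08 [info] 101#0: *2 peer closed connection in SSL handshake" + _TAIL.format("192.0.2.11"),
    "2020/11/19 18:28:08 [info] 100#0: *3 peer closed connection in SSL handshake" + _TAIL.format("192.0.2.10"),
    "2020/11/19 18:15:00 [debug] 100#0: *4 SSL_get_error: 2",
    "2020/11/19 18:15:00 [debug] 100#0: *5 SSL_get_error: 2",
    "2020/11/19 18:15:00 [debug] 101#0: *6 SSL_get_error: 5",
]

def summarize(lines):
    """Return (closures per client, SSL_get_error counts by name, hard errors)."""
    closed, codes = Counter(), Counter()
    for line in lines:
        if m := CLOSED_RE.search(line):
            closed[m["client"]] += 1
        elif m := ERR_RE.search(line):
            codes[int(m["code"])] += 1
    named = {SSL_ERROR_NAMES.get(c, f"UNKNOWN_{c}"): n for c, n in codes.items()}
    hard = sum(n for c, n in codes.items() if c not in NON_FAILURE)
    return dict(closed), named, hard

if __name__ == "__main__":
    closed, named, hard = summarize(SAMPLE)
    for client, n in sorted(closed.items(), key=lambda kv: -kv[1]):
        print(f"{n:5d} handshake closures from {client}")
    print(named, "| non-retry errors:", hard)
```

Run against the real error log, the per-client tally shows whether the closures come from a small fixed set of source addresses or from many unrelated clients.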