Welcome! Log In Create A New Profile

Advanced

Unsupported Protocol while proxying thrugh ngnix reverse proxy

April 01, 2024 09:18AM
Hi Team,

I just setup nginx version on Ubuntu 24.0 and configured proxy_pass settings however page is not getting opened and consistently getting below error

2024/04/01 18:10:37 [crit] 73898#73898: *5247 SSL_do_handshake() failed (SSL: error:0A0000BF:SSL routines::no protocols available) while SSL handshaking to upstream, client: xx.xx.xx, server: eb.example.com, request: "GET / HTTP/2.0", upstream: "https://xx.xx.xx.xx:443/", host: "eb.example.com"

Then I done a debug but not sure what is the issue. One thing I came to know that settings on backend server is pretty low and here is what I achieved through openssl from my proxy_server. Can someone please suggest what settings I need to consider on my nginx version. Upgrading server is next to impossible hence wondering how can I achieve from my end?

openssl s_client -connect eb.exmaple.co:443 -verify 3 -cipher "DEFAULT:@SECLEVEL=3"

The same error appears for Depth 3,2,1

verify depth is 3
CONNECTED(00000003)
140407554741440:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1941:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 65 bytes and written 293 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---

But When I do "0"

verify depth is 3
CONNECTED(00000003)
depth=0 CN = *.example.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = *.example.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:CN = *.example.com
i:C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA
---
Server certificate
-----BEGIN CERTIFICATE-----
MIIGJDCCBQygAwIBAgIRANyAOsFl1gpt8wjimmI77tIwDQYJKoZIhvcNAQELBQAw
gY8xCzAJBgNVBAYTAkdCMRswGQYDVQQIExJHcmVhdGVyIE1hbmNoZXN0ZXIxEDAO
BgNVBAcTB1NhbGZvcmQxGDAWBgNVBAoTD1NlY3RpZ28gTGltaXRlZDE3MDUGA1UE
AxMuU2VjdGlnbyBSU0EgRG9tYWluIFZhbGlkYXRpb24gU2VjdXJlIFNlcnZlciBD
QTAeFw0yMzEwMTMwMDAwMDBaFw0yNDExMTIyMzU5NTlaMBQxEjAQBgNVBAMMCSou
ZG5zYi5pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANZZIGpjN8uZ
oaGHjCBuZoA2bcr3KP8GqDTddJNC60WIPtIC+mHm8GaRw0xtOdo4AI59D6PaIISR
(Redacted)
-----END CERTIFICATE-----
subject=CN = *.example.com

issuer=C = GB, ST = Greater Manchester, L = Salford, O = Sectigo Limited, CN = Sectigo RSA Domain Validation Secure Server CA

---
No client certificate CA names sent
Peer signing digest: MD5-SHA1
Peer signature type: RSA
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 2481 bytes and written 516 bytes
Verification error: unable to verify the first certificate
---
New, SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1
Cipher : DHE-RSA-AES256-SHA
Session-ID: 3C630FBB568360A155D8...........................
Session-ID-ctx:
Master-Key: 020511075BC573C.........................
PSK identity: None
PSK identity hint: None
SRP username: None
TLS session ticket:
0000 - 0a a8 26 26 4a eb bc e5-d1 45 f6 78 42 42 b0 1e ..&&J....E.xBB..
0010 - e1 46 e7 d5 c7 b3 73 51-ad b8 81 d3 3f 19 a9 e6 .F....sQ....?...
(Redacted)

Start Time: 1711977420
Timeout : 7200 (sec)
Verify return code: 21 (unable to verify the first certificate)
Extended master secret: no

Can someone please help?
Subject Author Posted

Unsupported Protocol while proxying thrugh ngnix reverse proxy

blason April 01, 2024 09:18AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 136
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready