Welcome! Log In Create A New Profile

Advanced

Re: nginx-0.7.46

All files from this thread

File Name File Size   Posted by Date  
patch.freebsd4 1.8 KB open | download Igor Sysoev 03/30/2009 Read message
patch.openbsd 465 bytes open | download Igor Sysoev 04/01/2009 Read message
April 01, 2009 06:15AM
2009/4/1 Igor Sysoev <is@rambler-co.ru>:

> Thank you, beecrypt looks intresting, although its interface is different
> from OpenSSL/libmd's one.

I don't know if it would be a good thing for nginx to require
something additional like it.

I'd rather see it leverage the standard openssl :)

BTW, did you take a look at my SSL error? I cannot determine what the
problem is. The only idea that I seem to have at the moment is during
peak usage periods, the issue comes up.

I get this:

2009/03/26 01:11:00 [info] 6523#0: *665 SSL_do_handshake() failed
(SSL: error:140943FC SL routines SL3_READ_BYTES slv3 alert bad record
mac) while SSL handshaking, client: 22.11.8.27, server:
bugzilla.foo.org
2009/03/26 01:11:00 [debug] 6523#0: *664 SSL handshake handler: 0
2009/03/26 01:11:00 [debug] 6523#0: *664 SSL_do_handshake: -1
2009/03/26 01:11:00 [info] 6523#0: *664 peer closed connection in SSL
handshake (104: Connection reset by peer) while SSL handshaking,
client: 22.11.8.27, server: bugzilla.foo.org

I can't find any workarounds on the net, it seems to be only with Firefox 3.x.

Is there a tuneable or anything that would increase SSL performance or
available resources (the server is not highly utilized which is what
is weird...) that nginx can do, or could this be an openssl bug? It
seems like I found in nginx you recently had added those return values
of the "bad record mac" to the code, but I don't know -why- that is
happening, and only during specific periods of time, which is why I
think it is load related...

I've already done the ssl_protocols SSLv3 TLSv1; and that's fixed my
other servers and even other sites on the same server. It's this one
specific site and I've regenerated the SSL cert/etc...

It does proxy to apache, that's the only difference...

server {
listen 1.2.3.4:443;
server_name bugzilla.foo.org;
ssl on;
ssl_certificate /etc/nginx/certs/bugzilla.foo.org.pem;
ssl_certificate_key /etc/nginx/certs/bugzilla.foo.org.key;
ssl_protocols SSLv3 TLSv1;
location / {
proxy_pass http://127.0.0.1:81/;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_pass_header Expires;
proxy_pass_header Server;
proxy_buffering off;
}
}

Any help is appreciated.
Subject Author Posted

nginx-0.7.46

Igor Sysoev March 30, 2009 07:06AM

Re: nginx-0.7.46

Maxim Dounin March 30, 2009 07:43AM

Re: nginx-0.7.46 Attachments

Igor Sysoev March 30, 2009 08:21AM

Re: nginx-0.7.46

Ex Ex March 30, 2009 01:55PM

Re: nginx-0.7.46

Ruslan Malymon March 30, 2009 02:03PM

Re: nginx-0.7.46

Otto Bretz April 01, 2009 10:16AM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 10:20AM

Re: nginx-0.7.46

Otto Bretz April 01, 2009 11:12AM

Re: nginx-0.7.46 Attachments

Igor Sysoev April 01, 2009 11:17AM

Re: nginx-0.7.46

Otto Bretz April 01, 2009 12:20PM

Re: nginx-0.7.46

adi March 30, 2009 01:11PM

Re: nginx-0.7.46

Igor Sysoev March 31, 2009 02:53AM

RE: nginx-0.7.46

Glen Lumanau March 31, 2009 10:49PM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 12:59AM

RE: nginx-0.7.46

Glen Lumanau April 01, 2009 03:16AM

RE: nginx-0.7.46

Glen Lumanau April 01, 2009 03:33AM

Re: nginx-0.7.46

mike April 01, 2009 03:29AM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 03:37AM

Re: nginx-0.7.46

mike April 01, 2009 03:50AM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 05:25AM

Re: nginx-0.7.46

mike April 01, 2009 06:15AM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 03:53AM

Re: nginx-0.7.46

mike April 01, 2009 04:07AM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 04:10AM

Re: nginx-0.7.46

mike April 01, 2009 05:11AM

RE: nginx-0.7.46

Glen Lumanau April 01, 2009 05:17AM

Re: nginx-0.7.46

Igor Sysoev April 01, 2009 03:24AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 239
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready