Nginx SSL_do_handshake failed routines SSL3_CHECK_CLIENT_HELLO

nginxssl

I found this in my error log:

2012/05/29 14:01:02 [crit] 30038#0: *4186107 SSL_do_handshake() failed (SSL: error:14124145:SSL routines:SSL3_CHECK_CLIENT_HELLO:multiple sgc restarts) while SSL handshaking, client: 80.208.151.166, server: iridium

Any idea what this is about?

Best Answer

This error message appears to have been added to the OpenSSL code in response to CVE-2011-4619.

The error occurs if the client has restarted its client handshake more than once in a single connection negotiation, instead of the server allowing the client to repeatedly restart the handshake and keep a connection open forever.

So, you have a misbehaving SSL client, which may be either unintentional or malicious. Either way, your SSL server responded by stopping the connection on the second attempt at restarting the handshake process, which is good! Probably nothing to worry about, unless it's persistently repeated.

Related Solutions

Nginx – How to Configure Nginx as Reverse Proxy with Upstream SSL

I found what was the error, I needed to add proxy_ssl_session_reuse off;

Nginx proxy keeps getting bad gateway

By default SELinux prevents the web server from making outbound connections to foreign hosts.

You can change this and allow outgoing connections by setting the httpd_can_network_connect boolean.

setsebool -P httpd_can_network_connect 1

Best Answer

Related Solutions

Nginx – How to Configure Nginx as Reverse Proxy with Upstream SSL

Nginx proxy keeps getting bad gateway

Related Topic