SSL_read error on multiple simultaneous upstream SSL downloads

Maxim Dounin mdounin at
Fri Oct 18 19:06:05 UTC 2013


On Fri, Oct 18, 2013 at 06:01:14PM +0000, Agent Coulson wrote:

> I am able to reproduce the following error when I have nginx configured
> with an upstream https connection.  I have tweaked various settings all to
> no avail (proxy_buffer_size, proxy_buffers, proxy_ssl_session_reuse).
> 2013/10/18 17:17:31 [debug] 15644#0: *39 SSL_read: -1, SSL_pending: 16384
> 2013/10/18 17:17:31 [debug] 15644#0: *39 SSL_get_error: 1
> 2013/10/18 17:17:31 [error] 15644#0: *39 SSL_read() failed (SSL:
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
> mac) while sending to client, client:, server: -, request: "GET
> /test-1 HTTP/1.1", upstream: "https://x.x.x.x:443/test-1", host:
> "localhost:1182"

I tend to think it's highly unlikely it's a problem in nginx.  
Most likely, it's a problem either in OpenSSL library used on 
nginx side, or in SSL implementation used on a backend.

First thing I would recommend to test is to make sure you are able 
to reporoduce the problem:

1. Using nginx statically compiled with a known version of the 
OpenSSL library (--with-openssl=..., with sources from

2. Using the same nginx as a backend.


> I've seen a bug report on this too (,
> so thought i would send this here to see if anyone else is actively working
> on the issue.

As of now, no one provided enough steps to reproduce the problem.  
And, see above, most likely the problem is not in nginx.

Maxim Dounin

More information about the nginx-devel mailing list