SSL with client certificate errors

Igor Sysoev igor at sysoev.ru
Tue Feb 23 12:24:14 MSK 2010


On Tue, Feb 23, 2010 at 04:52:29PM +0900, Zev Blut wrote:

> On 02/09/2010 02:11 AM, Slawek Zak wrote:
> > Hi,
> >
> > I use nginx 0.7.62 to proxy a web application and secure it with
> > client certificates. Quite often NGINX just responds with connection
> > reset to Firefox and generates this error:
> >
> > 2010/02/08 18:04:49 [crit] 8248#0: *41 SSL_do_handshake() failed (SSL:
> > error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context
> > uninitialized) while SSL handshaking, client: 77.x.x.x, server
> > 89.x.x.x
> >
> > Any ideas?
> 
> I too am getting similar errors with 0.7.65:
> 
> 2010/02/23 16:02:19 [crit] 7224#0: *46254 SSL_do_handshake() failed 
> (SSL: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id 
> context uninitialized) while SSL handshaking, client: 192.x.x.x, server: 
> example.com

What is your ssl_session_cache settings ?

> I also get lots of odd entries in my access logs related to this.
> 192.x.x.x - - [23/Feb/2010:16:47:04 +0900] "\x16...(snip lots of codes)" 
> 400 173 "-" "-" 0.000 "-" "-" "-" [-] - - - [-] [-]

"\x16..." is SSLv3 handshake message. It seems that nginx logs it as
request line since nginx treats it like a bad request.


-- 
Igor Sysoev
http://sysoev.ru/en/



More information about the nginx mailing list