SSL with client certificate errors
zblut at cerego.co.jp
Tue Feb 23 12:35:54 MSK 2010
On 02/23/2010 06:24 PM, Igor Sysoev wrote:
> On Tue, Feb 23, 2010 at 04:52:29PM +0900, Zev Blut wrote:
>> On 02/09/2010 02:11 AM, Slawek Zak wrote:
>>> I use nginx 0.7.62 to proxy a web application and secure it with
>>> client certificates. Quite often NGINX just responds with connection
>>> reset to Firefox and generates this error:
>>> 2010/02/08 18:04:49 [crit] 8248#0: *41 SSL_do_handshake() failed (SSL:
>>> error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context
>>> uninitialized) while SSL handshaking, client: 77.x.x.x, server
>>> Any ideas?
>> I too am getting similar errors with 0.7.65:
>> 2010/02/23 16:02:19 [crit] 7224#0: *46254 SSL_do_handshake() failed
>> (SSL: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id
>> context uninitialized) while SSL handshaking, client: 192.x.x.x, server:
> What are your ssl_session_cache settings?
At the moment it is not set, so it is using whatever the default is.
Here is a short example of what I am using:
ssl_protocols SSLv3 TLSv1;
# Make sure we verify client side SSL
>> I also get lots of odd entries in my access logs related to this.
>> 192.x.x.x - - [23/Feb/2010:16:47:04 +0900] "\x16...(snip lots of codes)"
>> 400 173 "-" "-" 0.000 "-" "-" "-" [-] - - - [-] [-]
> "\x16..." is SSLv3 handshake message. It seems that nginx logs it as
> request line since nginx treats it like a bad request.
So I guess there is not much we can do about that.
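
Added example, not part of the original thread: a Python sketch that picks out the access-log entries discussed above, where a TLS handshake record ends up logged as the request line. The log lines are constructed samples in nginx's default combined format, and the function names are hypothetical.

```python
import re

# Constructed sample lines (not taken from the thread), combined log format.
SAMPLE_LOG = [
    r'192.0.2.10 - - [23/Feb/2010:16:47:04 +0900] "\x16\x03\x01\x00\x8A\x01\x00\x00\x86\x03\x01K\x83" 400 173 "-" "-"',
    r'192.0.2.11 - - [23/Feb/2010:16:47:05 +0900] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'192.0.2.12 - - [23/Feb/2010:16:47:06 +0900] "\x16\x03\x00\x00S\x01\x00\x00O\x03\x00" 400 173 "-" "-"',
    r'192.0.2.13 - - [23/Feb/2010:16:47:07 +0900] "\x80.\x01\x03\x01" 400 173 "-" "-"',
]

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
ESCAPE = re.compile(rb'\\x([0-9A-Fa-f]{2})')
# Minor version byte of the record header (major is always 3).
VERSIONS = {0: "SSLv3", 1: "TLSv1.0", 2: "TLSv1.1", 3: "TLSv1.2"}


def unescape(field):
    """Turn nginx's \\xHH log escapes back into the raw bytes the client sent."""
    raw = field.encode("latin-1")
    return ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def classify(raw):
    """Return (version, message) if raw starts with a handshake record, else None.

    Record header: content type 0x16 (handshake), version major/minor,
    two length bytes; the next byte is the handshake message type.
    """
    if len(raw) < 3 or raw[0] != 0x16 or raw[1] != 3 or raw[2] not in VERSIONS:
        return None
    message = "ClientHello" if len(raw) > 5 and raw[5] == 0x01 else "handshake"
    return VERSIONS[raw[2]], message


def scan(lines):
    """List (client, status, version, message) for handshake bytes logged as requests."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        found = classify(unescape(m.group(2)))
        if found:
            hits.append((m.group(1), int(m.group(3))) + found)
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
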