reverse proxy an apache who forces ssl

Isaac Hailperin i.hailperin at
Wed Jul 18 07:35:59 UTC 2012

On 07/17/2012 07:29 PM, Reinis Rozitis wrote:
>> 2012/07/17 18:40:05 [error] 5043#0: *1 SSL_do_handshake() failed (SSL:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
> while SSL handshaking to upstream, client:, server:
>, request: "GET / HTTP/1.1", upstream:
> "", host: ""
>> in my log. What am I doing wrong?
> The error is kinda saying that the upstream is not talking SSL (or vice
> versa if I'm wrong).
> Can you show what does this return ( change the to your
> backend apache ip/host if its not the real one from the error message):
> openssl s_client -connect
Its the same error as with nginx:
~# openssl s_client -connect
7571:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 

> It will either return the SSL cert information (then the backend is fine
> and the problem is on nginx side) or the same error.
This would imply that the problem is on the backend (the apache) side.
But: I can connect to the backend directly (not via nginx) using https 
without any problem. So I am not sure about this conclusion.
Hm, it might still be a problem with the backend, but its not that ssl 
is not working in general on the backend.

Any hints are appreciated :)


More information about the nginx mailing list