SSL renegotiation probelm using nginx as reverse proxy to apache

Jonathan Matthews contact at
Fri Apr 4 08:32:37 UTC 2014

On 4 Apr 2014 01:57, "sean_at_stitcher" <nginx-forum at> wrote:
> I'm not sure I understand why apache wants to renegotiate with nginx, nor
> why nginx doesn't seem to want to do it (despite apache thinking it can.)

I vaguely recall seeing (on this list) the suggestion that Apache does this
(at least) when a request's post-SSL-negotiation, HTTP/layer-7 details
change Apache's idea of where/how the request should be handled. If that's
happening here, perhaps Apache is seeing your SSL* settings in different
vhosts as being different - even though they aren't really.

What happens if you move the SSL* directives up a level? Maybe not the
on/off flag - just the cipher/cert/key/info ones.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list