Setting the SSL protocol used on proxy_pass?

Maxim Dounin mdounin at
Tue Dec 30 23:27:17 UTC 2014


On Tue, Dec 30, 2014 at 09:44:17AM +0000, Edward Hibbert wrote:

> I am trying to set up a reverse proxy which handles SSL.  This is my first
> time, so I may be doing something stupid.
> On the NGINX which is acting as a proxy I get this:
> SSL_do_handshake() failed (SSL: error:140770FC:SSL
> routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to
> upstream,
> On the NGINX which is upstream I am configured to only accept TLS, because
> of recent SSL security problems.
>         ssl_protocols               TLSv1.2 TLSv1.1 TLSv1;
> I would guess that the problem here is that NGINX is opening the proxy
> connection using the wrong SSL protocol.  Is there a way to control which
> protocol it uses for the proxy connection?

There is the "proxy_ssl_protocols" directive to control which 
protocols are allowed while connecting to upstream HTTPS servers, 
see for details.  By 
default it allows SSLv3 and above, so it should be fine with the 
ssl_protocols you configured.  The message you are seeing may 
appear if you've accidentally set "proxy_ssl_protocols SSLv3" 

Maxim Dounin

More information about the nginx mailing list