Intermittent SSL Handshake Errors

Lukas Tribus luky-37 at hotmail.com
Fri Feb 6 23:30:18 UTC 2015


> We've been unable to reproduce it with any one browser or IP address. It
> really is very intermittent. Fortunately, I believe we've gotten to the
> bottom of this. It looks like our data center switched us over to an
> anti-DDoS route. This means all of our traffic has been passing through hardware that
> performs heavy packet filtering. The packet loss was causing a lot of
> confusion for both server and clients. The TLS version fallback that some
> browsers do upon an unsuccessful handshake made it all the more confusing,
> since these errors get logged as SSL errors in nginx logs.

So a MITM security device basically did a TLS downgrade attack here, which
the new fallback extension successfully prevented.

That's a good thing, it means it works.
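
The server-side check behind that result, as an added example that is not part of the original post or of nginx/OpenSSL code. It assumes the "fallback extension" mentioned is TLS_FALLBACK_SCSV (RFC 7507); the ClientHello bodies are constructed samples and the function names are hypothetical.

```python
import struct

TLS_FALLBACK_SCSV = 0x5600          # RFC 7507 signalling cipher suite value
ALERT_INAPPROPRIATE_FALLBACK = 86   # RFC 7507 fatal alert description
TLS10, TLS11, TLS12 = (3, 1), (3, 2), (3, 3)


def build_client_hello(version, suites):
    """Constructed ClientHello body: version, random, empty session id, suites."""
    body = bytes(version) + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    return body + b"\x01\x00"  # one compression method: null


def parse_client_hello(body):
    """Return (client_version, [cipher suite ids]) from a ClientHello body."""
    if len(body) < 2 + 32 + 1:
        raise ValueError("truncated ClientHello")
    version = (body[0], body[1])
    pos = 2 + 32                      # skip version and random
    pos += 1 + body[pos]              # skip session_id length byte and value
    if pos + 2 > len(body):
        raise ValueError("truncated ClientHello")
    (cs_len,) = struct.unpack_from("!H", body, pos)
    pos += 2
    if cs_len % 2 or pos + cs_len > len(body):
        raise ValueError("malformed cipher_suites vector")
    suites = [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, cs_len, 2)]
    return version, suites


def server_decision(body, server_max):
    """Reject a fallback retry that offers a lower version than the server supports."""
    version, suites = parse_client_hello(body)
    if TLS_FALLBACK_SCSV in suites and server_max > version:
        return ("fatal_alert", ALERT_INAPPROPRIATE_FALLBACK)
    return ("continue", min(version, server_max))


# First attempt at TLS 1.2: no SCSV, handshake proceeds (then is lost in transit).
first_try = build_client_hello(TLS12, [0xC02F, 0x002F])
# Browser retry at TLS 1.1 after the failure: SCSV appended, server refuses.
retry = build_client_hello(TLS11, [0xC02F, 0x002F, TLS_FALLBACK_SCSV])
# Client that genuinely tops out at TLS 1.0 sends no SCSV and is accepted.
old_client = build_client_hello(TLS10, [0x002F])
```

The refused retry is what the server logs as an SSL handshake error, even though the root cause is packet loss on the first attempt.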
