Intermittent SSL Handshake Errors

Maxim Dounin mdounin at
Sun Mar 22 01:12:58 UTC 2015


On Sat, Mar 21, 2015 at 11:59:17AM -0400, tempspace wrote:

> I should specify that I agree with what is happening. We have clients that
> are falling back under normal conditions, and the latest libssl that
> implemented fallback prevention for TLS is stopping.  I have downgraded our
> libssl and I'm looking in my logs, and I see plenty of iOS 8 devices that
> auto-negotiate to TLS 1.2 that end up with a TLS 1.0 session. When the new
> libssl is installed, these connections get blocked.
> Is there a way to turn off the fallback prevention for TLS on the server
> side while we try to figure out what's happening?

Looking though OpenSSL code - I don't think it's possible without 
OpenSSL code changes.  Changes will be trivial though.

Maxim Dounin

More information about the nginx mailing list