NGINX IMAP proxy and outlook ios/android app

bobykus nginx-forum at forum.nginx.org
Mon Oct 9 13:45:26 UTC 2017


Looks like since mid of Sept  we can not use nginx as an imap(s) proxy for
mobile outlook apps (both IOS and Android ).
SSL handshake is just dropping  like


2017/10/09 15:32:01 [debug] 30391#0: *184 accept: 52.166.246.73 fd:44
2017/10/09 15:32:01 [info] 30391#0: *184 client 52.166.246.73 connected to
0.0.0.0:993
2017/10/09 15:32:01 [debug] 30391#0: *184 SSL_do_handshake: -1
2017/10/09 15:32:01 [debug] 30391#0: *184 SSL_get_error: 2
2017/10/09 15:32:01 [debug] 30391#0: *184 epoll add event: fd:44 op:1
ev:80000001
2017/10/09 15:32:01 [debug] 30391#0: *184 event timer add: 44:
60000:1507555981777
2017/10/09 15:32:31 [debug] 30391#0: *184 SSL handshake handler: 0
2017/10/09 15:32:31 [debug] 30391#0: *184 SSL_do_handshake: 0
2017/10/09 15:32:31 [debug] 30391#0: *184 SSL_get_error: 5
2017/10/09 15:32:31 [info] 30391#0: *184 peer closed connection in SSL
handshake while SSL handshaking, client: 52.166.246.73, server: 0.0.0.0:993
2017/10/09 15:32:31 [debug] 30391#0: *184 close mail connection: 44
2017/10/09 15:32:31 [debug] 30391#0: *184 SSL_shutdown: 1
2017/10/09 15:32:31 [debug] 30391#0: *184 event timer del: 44:
1507555981777
2017/10/09 15:32:31 [debug] 30391#0: *184 reusable connection: 0
2017/10/09 15:32:31 [debug] 30391#0: *184 free: 00000000024C12A0
2017/10/09 15:32:31 [debug] 30391#0: *184 free: 00000000024C1190, unused: 8

Wonder how  can I figure out what happened, MS support is not any helpful in
this case.
tcpdump does not show much also...


 openssl s_client  -connect mail.server.com:993  

show no errors too...

CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify return:1
depth=1 C = US, O = GeoTrust Inc., CN = RapidSSL SHA256 CA
verify return:1
depth=0 CN = *.server.com
verify return:1
---
Certificate chain
 0 s:/CN=*.server.com
   i:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA
 1 s:/C=US/O=GeoTrust Inc./CN=RapidSSL SHA256 CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
---


---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: DH, 2048 bits
---
SSL handshake has read 4717 bytes and written 417 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES128-GCM-SHA256
....

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276771,276771#msg-276771



More information about the nginx mailing list