ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session
Abilio Marques
abiliojr at gmail.com
Thu Mar 8 11:16:50 UTC 2018
Using NGINX 1.12.2 on MIPS (haven't tested on x86), if I set:
ssl_session_cache shared:SSL:1m; # it also fails with 10m
And the client reestablishes the connection, it
gets: net::ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session.
Has anyone seen anything like this?
More detail:
This was tested on 1.12.2, on a MIPS CPU, using OpenSSL 1.0.2j, and built
by gcc 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r47070).
Interesting portion of my configuration file:
server {
listen 443 ssl;
ssl_certificate /etc/ssl/certs/bridge.cert.pem;
ssl_certificate_key /etc/ssl/private/bridge.key.pem;
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256;
ssl_ecdh_curve prime256v1;
ssl_session_timeout 24h;
ssl_session_tickets on;
ssl_session_cache shared:SSL:1m; # set to 10m, still fails, remove, the
problem seems to disappear
keepalive_timeout 1s; # reduced during troubleshooting to make it
trigger easily
keepalive_requests 1; # reduced during troubleshooting to make it
trigger easily
include apiv1.conf; # where all the location rules are
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180308/12cb9484/attachment-0001.html>
More information about the nginx
mailing list