ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session

Abilio Marques abiliojr at
Thu Mar 8 11:16:50 UTC 2018

Using NGINX 1.12.2 on MIPS (haven't tested on x86), if I set:

ssl_session_cache shared:SSL:1m; # it also fails with 10m

And the client reestablishes the connection, it
gets: net::ERR_SSL_BAD_RECORD_MAC_ALERT when trying to reuse SSL session.

Has anyone seen anything like this?

More detail:

This was tested on 1.12.2, on a MIPS CPU, using OpenSSL 1.0.2j, and built
by gcc 4.8.3 (OpenWrt/Linaro GCC 4.8-2014.04 r47070).

Interesting portion of my configuration file:

server {
    listen 443 ssl;

    ssl_certificate /etc/ssl/certs/bridge.cert.pem;
    ssl_certificate_key /etc/ssl/private/bridge.key.pem;

    ssl_protocols TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256;
    ssl_ecdh_curve prime256v1;

    ssl_session_timeout 24h;
    ssl_session_tickets on;
    ssl_session_cache shared:SSL:1m; # set to 10m, still fails, remove, the
problem seems to disappear

    keepalive_timeout 1s; # reduced during troubleshooting to make it
trigger easily
    keepalive_requests 1; # reduced during troubleshooting to make it
trigger easily

    include apiv1.conf; # where all the location rules are
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list