<div dir="ltr">Hello everyone, I'm new here and this my first post in this mailing list, <br><br>Maybe this is a frequently answered question but I could't find a solution. Maybe is a "layer 8" issue.<br>
<br>Right now, I have a Nginx(1.0.8) proxy running on Ubuntu 10.04 32bits, OpenSSL 0.9.8 doing a https upstream on port 33195. Here is a piece of the nginx.conf file:<br><br>......<br> location /external_services {<br>
proxy_pass <a href="https://x.x.x.x:33195/external_service">https://x.x.x.x:33195/external_service</a>;<br>
allow x.x.x.x;<br> deny all;<br> }<br>......<br><br><br>It is working, but I need to migrate this proxy to a new server. This new server runs Ubuntu 12.04, OpenSSL 1.0.1 and Nginx 1.5.10. <br><br>This server receive an <a href="http://myproxy/external_services">http://myproxy/external_services</a> request and proxy it to <a href="https://x.x.x.x:33195/external_service">https://x.x.x.x:33195/external_service</a>; (http to https)<br>
<br>When I try to access <a href="http://myproxy/external_services">http://myproxy/external_services</a> on the new server, I got a 502 error and I see this message in error.log :<br><br> "peer closed connection in SSL handshake while SSL handshaking to upstream"<br>
<br>I found that I can connect(from the proxy server) to <a href="https://x.x.x.x:33195/external_service">https://x.x.x.x:33195/external_service</a> using openssl, doing this:<br><br> $ openssl s_client -connect <a href="https://x.x.x.x:33195/external_service">https://x.x.x.x:33195/external_service</a> -no_tls1_1<br>
<br>I tried to disable TLSv1.1 in Nginx using the directive: ssl_protocols SSLv3 TLSv1; but nothing change. <br><br>I don't want to downgrade to Nginx(1.0.8) and OpenSSL 0.9.8 (I think is a possible solution).<br><br>
Any help? I'm doing something wrong, I can't find a solution.<br><br>Thanks,<br>Matias. <br clear="all"><div><br></div></div>