<div dir="ltr">I did an ssldump and this is the conversation between both servers:<br><br>New TCP connection #1: <a href="http://nginx.domain.net">nginx.domain.net</a>(46318) <-> <a href="http://backend.domain.net">backend.domain.net</a>((443)<br>TCP: <a href="http://nginx.domain.net">nginx.domain.net</a>((46318) -> <a href="http://backend.domain.net">backend.domain.net</a>((443) Seq 54751863.(307) ACK 350741031 PUSH<br>1 1 1421082336.3009 (0.0012) C>SV3.1(302) Handshake<br> ClientHello<br> Version 3.3<br> random[32]=<br> 62 5f 64 b9 b1 3f b7 22 17 f0 87 92 f1 0e e5 9f<br> 5d c5 1b 66 c8 49 af 17 dc f7 5d b7 cc 7d 8d 49<br> cipher suites<br> Unknown value 0xc030<br> Unknown value 0xc02c<br> Unknown value 0xc028<br> Unknown value 0xc024<br> Unknown value 0xc014<br> Unknown value 0xc00a<br> Unknown value 0xa3<br> Unknown value 0x9f<br> Unknown value 0x6b<br> Unknown value 0x6a<br> Unknown value 0x39<br> Unknown value 0x38<br> Unknown value 0x88<br> Unknown value 0x87<br> Unknown value 0xc032<br> Unknown value 0xc02e<br> Unknown value 0xc02a<br> Unknown value 0xc026<br> Unknown value 0xc00f<br> Unknown value 0xc005<br> Unknown value 0x9d<br> Unknown value 0x3d<br> Unknown value 0x35<br> Unknown value 0x84<br> Unknown value 0xc02f<br> Unknown value 0xc02b<br> Unknown value 0xc027<br> Unknown value 0xc023<br> Unknown value 0xc013<br> Unknown value 0xc009<br> Unknown value 0xa2<br> Unknown value 0x9e<br> TLS_DHE_DSS_WITH_NULL_SHA<br> Unknown value 0x40<br> Unknown value 0x33<br> Unknown value 0x32<br> Unknown value 0x9a<br> Unknown value 0x99<br> Unknown value 0x45<br> Unknown value 0x44<br> Unknown value 0xc031<br> Unknown value 0xc02d<br> Unknown value 0xc029<br> Unknown value 0xc025<br> Unknown value 0xc00e<br> Unknown value 0xc004<br> Unknown value 0x9c<br> Unknown value 0x3c<br> Unknown value 0x2f<br> Unknown value 0x96<br> Unknown value 0x41<br> TLS_RSA_WITH_IDEA_CBC_SHA<br> Unknown value 0xc011<br> Unknown value 0xc007<br> Unknown value 0xc00c<br> Unknown value 0xc002<br> TLS_RSA_WITH_RC4_128_SHA<br> TLS_RSA_WITH_RC4_128_MD5<br> Unknown value 0xc012<br> Unknown value 0xc008<br> TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA<br> TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA<br> Unknown value 0xc00d<br> Unknown value 0xc003<br> TLS_RSA_WITH_3DES_EDE_CBC_SHA<br> TLS_DHE_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_DSS_WITH_DES_CBC_SHA<br> TLS_RSA_WITH_DES_CBC_SHA<br> TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA<br> TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA<br> TLS_RSA_EXPORT_WITH_DES40_CBC_SHA<br> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5<br> TLS_RSA_EXPORT_WITH_RC4_40_MD5<br> Unknown value 0xff<br> compression methods<br> NULL<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jan 6, 2015 at 5:12 PM, Lukas Tribus <span dir="ltr"><<a href="mailto:luky-37@hotmail.com" target="_blank">luky-37@hotmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">> I guess are running with an nginx executable from a third party, that has<br>
> been linked to an older release of openssl.<br>
<br>
</span>Since you can reproduce it with openssl s_client, it probably is more<br>
complicated than that.<br>
<br>
can you provide an ssldump of the failed connection attempt?<br>
<div class="HOEnZb"><div class="h5"><br>
<br>
Lukas<br>
<br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br></div>