<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class="">Hello,<div class=""><br class=""></div><div class="">I eventually found out that the problem was a missing “<span style="font-family: Menlo; background-color: rgb(255, 255, 255);" class="">proxy_ssl_server_name on;</span>”. </div><div class=""><br class=""></div><div class="">Without the Server Name Indication (SNI) in the TLS handshake, the server returns a certificate that causes this problem.</div><div class=""><br class=""></div><div class="">I am also wondering if these days the default should be on. It seems that SNI is in widespread use.</div><div class=""><br class=""></div><div class="">Roger</div><div class=""><br class=""></div><div class=""><div><br class=""><blockquote type="cite" class=""><div class="">On Aug 30, 2018, at 11:13 AM, Maxim Dounin <<a href="mailto:mdounin@mdounin.ru" class="">mdounin@mdounin.ru</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">Hello!<br class=""><br class="">On Thu, Aug 30, 2018 at 09:09:44AM -0700, Roger Fischer wrote:<br class=""><br class=""><blockquote type="cite" class="">Hello,<br class=""><br class="">is there a way to make NGINX more forgiving on TLS certificate errors? Or would that have to be done in OpenSSL instead?<br class=""><br class="">When I use openssl s_client, I get the following errors from the upstream server:<br class=""><br class="">140226185430680:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103:<br class="">140226185430680:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:<br class="">140226185430680:error:1408D07B:SSL routines:ssl3_get_key_exchange:bad signature:s3_clnt.c:2010:<br class=""><br class="">This causes NGINX (reverse proxy) to return 502 Bad Gateway to the browser.<br class=""><br class="">The NGINX error log shows:<br class=""><br class="">2018/08/29 09:09:59 [crit] 11633#11633: *28 SSL_do_handshake() failed (SSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01 error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed error:1408D07B:SSL routines:ssl3_get_key_exchange:bad signature) while SSL handshaking to upstream, client: 192.168.1.66, server: <a href="http://s5.example.com" class="">s5.example.com</a>, request: "GET /xyz<br class=""><br class="">I have added “proxy_ssl_verify off;”, but that did not make any difference.<br class=""><br class="">Surprisingly, the browser (directly to the upstream server) does not complain about the TLS error.<br class=""><br class="">Is there anything else I can do either in NGINX or openssl to suppress the 502 Bad Gateway?<br class=""><br class="">Thanks…<br class=""><br class="">Roger<br class=""><br class="">PS: I don’t have control over the upstream server, so I can’t fix the root cause (faulty certificate).<br class=""></blockquote><br class="">As per the error message, the problem seems to be not with the <br class="">cerifitcate, but with the key exchange during the SSL handshake. <br class="">For some reason signature verification after the key exchange <br class="">fails due to wrong padding.<br class=""><br class="">Most likely the problem is specific to some ciphers, so forcing a <br class="">different cipher with proxy_ssl_ciphers could help, see <br class=""><a href="http://nginx.org/r/proxy_ssl_ciphers" class="">http://nginx.org/r/proxy_ssl_ciphers</a>.<br class=""><br class="">-- <br class="">Maxim Dounin<br class=""><a href="http://mdounin.ru/" class="">http://mdounin.ru/</a><br class="">_______________________________________________<br class="">nginx mailing list<br class="">nginx@nginx.org<br class="">http://mailman.nginx.org/mailman/listinfo/nginx</div></div></blockquote></div><br class=""></div></body></html>