SSL_read error on multiple simultaneous upstream SSL downloads
Maxim Dounin
mdounin at mdounin.ru
Fri Oct 18 19:06:05 UTC 2013
Hello!
On Fri, Oct 18, 2013 at 06:01:14PM +0000, Agent Coulson wrote:
> I am able to reproduce the following error when I have nginx configured
> with an upstream https connection. I have tweaked various settings all to
> no avail (proxy_buffer_size, proxy_buffers, proxy_ssl_session_reuse).
>
> 2013/10/18 17:17:31 [debug] 15644#0: *39 SSL_read: -1, SSL_pending: 16384
> 2013/10/18 17:17:31 [debug] 15644#0: *39 SSL_get_error: 1
> 2013/10/18 17:17:31 [error] 15644#0: *39 SSL_read() failed (SSL:
> error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record
> mac) while sending to client, client: 127.0.0.1, server: -, request: "GET
> /test-1 HTTP/1.1", upstream: "https://x.x.x.x:443/test-1", host:
> "localhost:1182"
I tend to think it's highly unlikely it's a problem in nginx.
Most likely, it's a problem either in OpenSSL library used on
nginx side, or in SSL implementation used on a backend.
First thing I would recommend to test is to make sure you are able
to reporoduce the problem:
1. Using nginx statically compiled with a known version of the
OpenSSL library (--with-openssl=..., with sources from
openssl.org).
2. Using the same nginx as a backend.
[...]
> I've seen a bug report on this too (http://trac.nginx.org/nginx/ticket/215),
> so thought i would send this here to see if anyone else is actively working
> on the issue.
As of now, no one provided enough steps to reproduce the problem.
And, see above, most likely the problem is not in nginx.
--
Maxim Dounin
http://nginx.org/en/donation.html
More information about the nginx-devel
mailing list