Nginx + Android + ssl = 400

Sat Feb 28 22:52:24 UTC 2015

Andrey Kopeyko Wrote:
-------------------------------------------------------
> 
> Это вы уже повторяли. Но diff так и не показали.

Вот дифф. ssl_certificate для боевого хоста используется купленный. Для
теста соответственно самовыданный
2c2
< 	server 192.161.10.253:443;
---
> 	server 192.168.1.253:443;
7c7
<        listen         123.13.123.4:80;
---
>        listen         *:80;
18,21c18,21
< #	ssl_certificate /etc/nginx/exchange_ssl/ssl/server.crt;
< #	ssl_certificate_key /etc/nginx/exchange_ssl/ssl/server.nopass.key;
<        ssl_certificate
/etc/pki/tls/certs/22_01_2020/example.com_full.crt;
<        ssl_certificate_key
/etc/pki/tls/private/22_01_2020/example.com.key;
---
> 	ssl_certificate /etc/nginx/config/ssl/exchange.crt;
> 	ssl_certificate_key /etc/nginx/config/ssl/exchange.nopass.key;
> #       ssl_certificate
/etc/pki/tls/certs/22_01_2020/example.com_full.crt;
> #       ssl_certificate_key
/etc/pki/tls/private/22_01_2020/example.com.key;
25c25
< #	ssl_protocols	     TLSv1.1;
---
> #       ssl_protocols        TLSv1.1;
27c27
< 	ssl_client_certificate /etc/nginx/exchange_ssl/ssl/ca.crt;
---
> 	ssl_client_certificate /etc/nginx/config/ssl/ca.crt;
58,59c58,59
<                error_log /var/log/nginx/exchange.example.com_owa_error.log
debug;
<                access_log
/var/log/nginx/exchange.example.com_owa_access.log exchange;
---
>                error_log /var/log/nginx/exchange.example.com_owa_error.log
;
>                access_log
/var/log/nginx/exchange.example.com_owa_access.log;
73a74
> 
77,79c78,79
< 
<         error_log /var/log/nginx/exchange.example.com_main_error.log
debug;
<         access_log /var/log/nginx/exchange.example.com_main_access.log
exchange;
---
>         error_log /var/log/nginx/exchange.example.com_error.log ;
>         access_log /var/log/nginx/exchange.example.com_access.log
exchange;
81a82
>

> Если клиент один и тот же - остаётся только вооружаться tcpdump, и под
> 
> микроскопом изучать различия в двух ssl-handshake.

Снял strace в момент обращения, но там мало понятного.

Posted at Nginx Forum: http://forum.nginx.org/read.php?21,256951,256965#msg-256965