Random SSL Handshake Errors

merlin corey merlincorey at dc949.org
Tue Feb 2 00:41:31 MSK 2010


On Sat, Jan 30, 2010 at 12:48 PM, Todd Yates <lists at ruby-forum.com> wrote:
> We're currently trying to get an nginx proxy connecting to an apache
> backend with end-to-end SSL up and running.
>
> Unfortunately we're randomly receiving 502 Bad Gateway errors from nginx
> (I'd say about 10% of the time).  We traced it back to a bad SSL
> Handshake where the nginx server sends back a TLS alert 21 (Decrypt
> Error) to the apache server.
>
> Nginx is currently running version 0.8.29 with OpenSSL 0.9.8g, and the
> apache back end is using apache 1.3.41 and OpenSSL 0.9.8k.
>
> Any help would be greatly appreciated.
>
> Thanks!
> --
> Posted via http://www.ruby-forum.com/.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>

I would start with updating nginx and openssl.

Also note that nginx is not a general proxy, and specifically, is not
a forward proxy.  Connecting nginx over SSL through the internet is
not what it is best at.

-- Merlin



More information about the nginx mailing list