Proxying to older apache fails

sporkman nginx-forum at
Fri Apr 24 05:27:43 UTC 2015

I'm trying to keep an old apache install limping along for a few more months
by letting nginx handle the SSL connection between site visitors and

I have a pretty simple config on the nginx side for the proxy_pass config;

location / {
                        proxy_set_header        Host    $host;
                        proxy_set_header        X-Real-IP   $remote_addr;
                        proxy_send_timeout      360;
                        proxy_read_timeout      360;

I see the request hit the apache side, and with some debugging enabled, I'm
able to get some detail:

[Fri Apr 24 01:21:48 2015] [info] Initial (No.1) HTTPS request received for
child 6 (server
[Fri Apr 24 01:21:48 2015] [debug] ssl_engine_kernel.c(400): [client] Reconfigured cipher suite will force renegotiation
[Fri Apr 24 01:21:48 2015] [info] [client] Requesting connection
[Fri Apr 24 01:21:48 2015] [debug] ssl_engine_kernel.c(750): [client] Performing full renegotiation: complete handshake protocol
(client does support secure renegotiation)
[Fri Apr 24 01:21:48 2015] [info] [client] Awaiting
re-negotiation handshake
[Fri Apr 24 01:22:18 2015] [error] [client] Re-negotiation
handshake failed: Not accepted by client!?

This is nginx 1.6.2, OpenSSL 1.0.1m and Apache 2.2.25, OpenSSL 0.9.8y

Relevant apache config:

SSLEngine On
SSLVerifyClient none (tried with and without this)
SSLInsecureRenegotiation off  (tried with and without this)
SSLStrictSNIVHostCheck off  (tried with and without this)
SSLProtocol ALL -SSLv2

I've also tried forcing a TLSv1 and a single cipher on the nginx side,
thinking that might somehow simplify things, but no difference.

Any ideas?

Posted at Nginx Forum:,258341,258341#msg-258341

More information about the nginx mailing list