Intermittent SSL Handshake Errors

tempspace nginx-forum at nginx.us
Mon Feb 2 20:26:29 UTC 2015


My first question is do these 
I have been fighting a similar issue with SSL handshake issues for the past
few days. After reboots and upgrades for GHOST, we started seeing errors
like this in our error logs constantly:

*579 SSL_do_handshake() failed (SSL: error:140A1175:SSL
routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL
handshaking,

in conjunction with an elevated error rate in client requests to nginx in
the initial connection phase. I'm not completely sure if the two issues are
correlated to be honest, I'm still in the troubleshooting process.

I am on a Debian Wheezy system and it started happening with the libssl
package 1.0.1e-2+deb7u13 and continues with u14. As soon as I rolled back
libssl to u12 and restarted nginx, the logging of errors goes away.  I then
tested ssl to make sure we weren't vulnerable to POODLE or Heartbleed, and
it's all clear. I would recommend trying to go back a few versions in
libssl, restarting nginx and see if that helps, making sure you're not
leaving yourself open to the major vulnerabilities.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256373,256407#msg-256407



More information about the nginx mailing list