Bug re: openssl-1.0.1

Peter Fraser petros.fraser at gmail.com
Tue Jan 6 22:46:12 UTC 2015


Hi. Thanks for replying.
I read it in two places. Here are the links.
1. http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server
2. http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/

The full error is this: *peer closed connection in SSL handshake while SSL
handshaking, client: <client_IP>, server: <Server_FQDN> request: "POST
/Microsoft-Server-ActiveSync?Cmd=Ping&User=<domain>%5C<user_name>&DeviceId=SEC090121863242D&DeviceType=SAMSUNGSMT800
HTTP/1.1", upstream:
"https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=<DOMAIN>%5C<USER_NAME>&DeviceId=SAMSUNGSGHI337",
host: "<SERVER_FQDN>"*

produced with debugging enabled.


If I run *openssl s_client -connect <SERVER_IP>:443* I get:
CONNECTED(00000003)
675508300:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 307 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

If I run

*openssl s_client -connect <SERVER_IP>:443 -ssl3*

the connection works, but it won't work from nginx even when I enable SSLv3.

Hope I provided enough info. If not, please let me know.





On Tue, Jan 6, 2015 at 5:09 PM, Lukas Tribus <luky-37 at hotmail.com> wrote:

> > Hi All
> > I'm trying to use nginx to also proxy to owa. I am getting the error
> > peer closed connection in SSL handshake while SSL handshaking to upstream
> >
> > I have read that this is due to a bug and that the solution is to
> > downgrade to openssl 1.0
>
> Where did you read that? From the information you provided, there
> is no way to understand the issue here at all.
>
> Reproduce this with nginx in debug mode, post the output and better
> yet, post an ssldump sample of the failed handshake as well.
>
>
>
> Lukas