Bug re: openssl-1.0.1
Lukas Tribus
luky-37 at hotmail.com
Wed Jan 7 00:56:59 UTC 2015
> Hi. Thanks for replying.
> I read it in two places. Here are the links.
> 1.
> http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server
> 2.
> http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/
>
> The full error is this: peer closed connection in SSL handshake while
> SSL handshaking, client: <client_IP>, server: <Server_FQDN> request:
> "POST
> /Microsoft-Server-ActiveSync?Cmd=Ping&User=<domain>%5C<user_name>&DeviceId=SEC090121863242D&DeviceType=SAMSUNGSMT800
> HTTP/1.1", upstream:
> "https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=<DOMAIN>%5C<USER_NAME>&DeviceId=SAMSUNGSGHI337",
> host: "<SERVER_FQDN>"
>
> produced with debugging enabled.
>
>
> If I run openssl s_client -connect <SERVER_IP:443 I get:
> CONNECTED(00000003)
> 675508300:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
> [...]
> If I run openssl s_client -connect <SERVER_IP:443 -SSL3 the connection
> works but it won't work from nginx even when I enable SSLv3.
Ok, so you are running in this particular bug. However, its supposed to be
fixed a very long time ago, in openssl 1.0.1b.
I guess are running with an nginx executable from a third party, that has
been linked to an older release of openssl.
What OS/kernel/nginx/openssl release are you running exactly and how
did you install it (for example did you install openssl and nginx via
apt-get from original ubuntu repositoriers, or did you install from nginx
repository or from source)?
Lukas
More information about the nginx
mailing list