Bug re: openssl-1.0.1

Lukas Tribus luky-37 at hotmail.com
Wed Jan 7 00:56:59 UTC 2015


> Hi. Thanks for replying. 
> I read it in two places. Here are the links. 
> 1.  
> http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server 
> 2.  
> http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/ 
>  
> The full error is this: peer closed connection in SSL handshake while  
> SSL handshaking, client: <client_IP>, server: <Server_FQDN> request:  
> "POST  
> /Microsoft-Server-ActiveSync?Cmd=Ping&User=<domain>%5C<user_name>&DeviceId=SEC090121863242D&DeviceType=SAMSUNGSMT800  
> HTTP/1.1", upstream:  
> "https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=<DOMAIN>%5C<USER_NAME>&DeviceId=SAMSUNGSGHI337",  
> host: "<SERVER_FQDN>" 
>  
> produced with debugging enabled. 
>  
>  
> If I run openssl s_client -connect <SERVER_IP:443  I get: 
> CONNECTED(00000003) 
> 675508300:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake  
> failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184: 
> [...]
> If I run openssl s_client -connect <SERVER_IP:443 -SSL3 the connection  
> works but it won't work from nginx even when I enable SSLv3.

Ok, so you are running in this particular bug. However, its supposed to be
fixed a very long time ago, in openssl 1.0.1b.

I guess are running with an nginx executable from a third party, that has
been linked to an older release of openssl.

What OS/kernel/nginx/openssl release are you running exactly and how
did you install it (for example did you install openssl and nginx via
apt-get from original ubuntu repositoriers, or did you install from nginx
repository or from source)?



Lukas

 		 	   		  


More information about the nginx mailing list