Bug re: openssl-1.0.1

Peter Fraser petros.fraser at gmail.com
Mon Jan 12 15:58:16 UTC 2015


Sorry for taking so long to reply. I am running FreeBSD 10.1 RELEASE and it
is Openssl version is OpenSSL 1.0.1j and I installed it from the ports tree
(source).

Regards

On Tue, Jan 6, 2015 at 4:56 PM, Lukas Tribus <luky-37 at hotmail.com> wrote:

> > Hi. Thanks for replying.
> > I read it in two places. Here are the links.
> > 1.
> >
> http://serverfault.com/questions/436737/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server
> > 2.
> >
> http://w3facility.org/question/forcing-a-particular-ssl-protocol-for-an-nginx-proxying-server/
> >
> > The full error is this: peer closed connection in SSL handshake while
> > SSL handshaking, client: <client_IP>, server: <Server_FQDN> request:
> > "POST
> >
> /Microsoft-Server-ActiveSync?Cmd=Ping&User=<domain>%5C<user_name>&DeviceId=SEC090121863242D&DeviceType=SAMSUNGSMT800
> > HTTP/1.1", upstream:
> > "https://SERVER_IP:443/Microsoft-Server-ActiveSync?Cmd=Ping&User=
> <DOMAIN>%5C<USER_NAME>&DeviceId=SAMSUNGSGHI337",
> > host: "<SERVER_FQDN>"
> >
> > produced with debugging enabled.
> >
> >
> > If I run openssl s_client -connect <SERVER_IP:443  I get:
> > CONNECTED(00000003)
> > 675508300:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> >
> failure:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_lib.c:184:
> > [...]
> > If I run openssl s_client -connect <SERVER_IP:443 -SSL3 the connection
> > works but it won't work from nginx even when I enable SSLv3.
>
> Ok, so you are running in this particular bug. However, its supposed to be
> fixed a very long time ago, in openssl 1.0.1b.
>
> I guess are running with an nginx executable from a third party, that has
> been linked to an older release of openssl.
>
> What OS/kernel/nginx/openssl release are you running exactly and how
> did you install it (for example did you install openssl and nginx via
> apt-get from original ubuntu repositoriers, or did you install from nginx
> repository or from source)?
>
>
>
> Lukas
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20150112/c0fbf5cb/attachment.html>


More information about the nginx mailing list