SSL Handshake Failure with error:1407609B:SSL in error logs

Frank Liu gfrankliu at gmail.com
Fri Jul 6 17:06:10 UTC 2018


Since your backend is already doing ssl, you should remove ssl from the
listen, so that nginx will just do a simple TCP pass through:

Change
listen 443 ssl;
to
listen 443;


On Wed, Jul 4, 2018 at 12:31 AM, shivramg94 <nginx-forum at forum.nginx.org>
wrote:

> Hi,
>
> We are trying to configure TCP load balancing with TLS termination. But
> when
> we try to access the URL, we could see the below error in the nginx error
> and access logs
>
> Nginx Error Log:
>
> 2018/07/04 07:16:45 [crit] 7944#0: *61 SSL_do_handshake() failed (SSL:
> error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request)
> while SSL handshaking, client: XX.XXX.XX.XX, server: 0.0.0.0:443
>
> Nginx Access Log:
>
> 10.90.241.125 - - [04/Jul/2018:07:24:55 +0000] TCP 500 0 0 0.000 "-"
>
> The nginx.conf file looks like this
>
> stream {
>   log_format sample '$remote_addr - - [$time_local] $protocol $status
> $bytes_sent $bytes_received $session_time "$upstream_addr"';
>   upstream backends {
>      server sample-domain-name.com:443;
>   }
>   server {
>     listen 443 ssl;
>     access_log /etc/access_logs/tcp_access_log sample;
>     ssl_certificate      Certificate_PATH;
>     ssl_certificate_key Private_Key_Path;
>     proxy_ssl off;
>     proxy_pass backends;
>   }
> }
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,280396,280396#msg-280396
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180706/d1d0ee0a/attachment.html>


More information about the nginx mailing list