SSL errors, verbosity level

Sergey Kandaurov pluknet at nginx.com
Tue Jul 10 17:42:24 UTC 2018


> On 7 Jul 2018, at 18:38, shiz <nginx-forum at forum.nginx.org> wrote:
> 
> Hi,
> 
> I see those messages in my error logs daily.
> 
> ```
> 2018/07/07 08:01:32 [crit] 31935#31935: *342781 SSL_do_handshake() failed
> (SSL: error:14209102:SSL
> routines:tls_early_post_process_client_hello:unsupported protocol) while SSL
> handshaking, client: 173.208.91.177, server: 0.0.0.0:443
> 2018/07/07 08:06:24 [crit] 31939#31939: *343099 SSL_do_handshake() failed
> (SSL: error:1420918C:SSL
> routines:tls_early_post_process_client_hello:version too low) while SSL
> handshaking, client: 141.212.122.16, server: 0.0.0.0:443
> ```
> 
> Is there a way to increase verbosity, i.e. which protocol is unsupported? 
> which version is too low?
> 
> Nginx 1.15.1, supporting TLSv1.2, TLSv1.3 draft 23, OpenSSL-1.1.1-pre2
> 
> Not sure if it could be done within nginx, maybe OpenSSL source has to be
> edited?

This may be caused by TLSv1.3 version draft mismatch as found
in CH supported_versions.  You may want to update OpenSSL.

-- 
Sergey Kandaurov



More information about the nginx mailing list