SSL routines:tls_process_client_hello:version too low

Francis Daly francis at daoine.org
Tue Sep 29 21:39:31 UTC 2020


On Tue, Sep 29, 2020 at 05:06:32PM -0400, jriker1 wrote:

Hi there,

> Thanks.  Only thing I can see in a Wireshark trace is TLS 1.2 so shouldn't
> be an issue from what I can see but who knows.
> 
> So it works without NGINX but that said couple things.
> 
> 1. Is there a way to just make NGINX accept things and work?  Way to prove
> it's a TLS issue then?

If the nginx (debug?) logs show that nginx is rejecting this client for
specific tls-version reasons, then you could choose to configure nginx
to accept other tls versions, and see if that changes anything.

http://nginx.org/r/ssl_protocols

> 2. What would have changed that would have worked before and now it doesn't?
>  I know the cert was renewed right before the pandemic so may be related but
> it is a GoDaddy cert so wouldn't be self signed and shows valid.  

If you can show a nginx config that does not respond as you wish it
to for a specific request, then someone might be able to point out why
that happens.

As to what changed? Only you have the old setup and the new setup,
to compare. Maybe something changed on the client side that is not in
your control? Maybe non-configured default settings changed between the
two setups?

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list