19 messages in ru.sysoev.nginxRe: SSL with client certificate errors| From | Sent On | Attachments |
|---|---|---|
| Slawek Zak | Feb 8, 2010 9:10 am | |
| Zev Blut | Feb 22, 2010 11:52 pm | |
| Igor Sysoev | Feb 23, 2010 1:21 am | |
| Igor Sysoev | Feb 23, 2010 1:23 am | |
| Zev Blut | Feb 23, 2010 1:35 am | |
| Igor Sysoev | Feb 23, 2010 1:47 am |  .Other |
| Zev Blut | Feb 25, 2010 1:19 am | |
| Zev Blut | Mar 1, 2010 10:48 pm | |
| Anna Malova | Apr 5, 2010 11:50 pm | |
| Igor Sysoev | Apr 6, 2010 1:15 am | |
| Anna Malova | Apr 6, 2010 2:46 am | |
| Maxim Dounin | Apr 6, 2010 3:16 am | |
| Anna Malova | Apr 6, 2010 3:23 am | |
| Igor Sysoev | Apr 6, 2010 3:32 am | |
| Anna Malova | Apr 6, 2010 3:34 am | |
| Igor Sysoev | Apr 6, 2010 3:36 am | |
| Anna Malova | Apr 6, 2010 3:40 am | |
| Anna Malova | Apr 6, 2010 3:42 am | |
| Maxim Dounin | Apr 6, 2010 4:03 am |
| Subject: | Re: SSL with client certificate errors | |
|---|---|---|
| From: | Zev Blut (zbl...@cerego.co.jp) | |
| Date: | Feb 23, 2010 1:35:11 am | |
| List: | ru.sysoev.nginx | |
Hello,
On 02/23/2010 06:24 PM, Igor Sysoev wrote:
On Tue, Feb 23, 2010 at 04:52:29PM +0900, Zev Blut wrote:
On 02/09/2010 02:11 AM, Slawek Zak wrote:
Hi,
I use nginx 0.7.62 to proxy a web application and secure it with client certificates. Quite often NGINX just responds with connection reset to Firefox and generates this error:
2010/02/08 18:04:49 [crit] 8248#0: *41 SSL_do_handshake() failed (SSL: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized) while SSL handshaking, client: 77.x.x.x, server 89.x.x.x
Any ideas?
I too am getting similar errors with 0.7.65:
2010/02/23 16:02:19 [crit] 7224#0: *46254 SSL_do_handshake() failed (SSL: error:140D9115:SSL routines:SSL_GET_PREV_SESSION:session id context uninitialized) while SSL handshaking, client: 192.x.x.x, server: example.com
What is your ssl_session_cache settings ?
At the moment it is not set, so it is using whatever the default is. Here is a short example of what I am using:
server { listen 443;
ssl on; ssl_certificate /etc/nginx/ssl/data.crt; ssl_certificate_key /etc/nginx/ssl/data.key; ssl_protocols SSLv3 TLSv1;
# Make sure we verify client side SSL ssl_verify_client on; ssl_client_certificate /etc/nginx/ssl/data.pem; }
I also get lots of odd entries in my access logs related to this. 192.x.x.x - - [23/Feb/2010:16:47:04 +0900] "\x16...(snip lots of codes)" 400 173 "-" "-" 0.000 "-" "-" "-" [-] - - - [-] [-]
"\x16..." is SSLv3 handshake message. It seems that nginx logs it as request line since nginx treats it like a bad request.
So I guess there is not much we can do about that.
Thanks, Zev
_______________________________________________ nginx mailing list ngi...@nginx.org http://nginx.org/mailman/listinfo/nginx