Apologies if this is not solely connected to nginx, but I think I’ve narrowed it down to the connection with nginx, and how it is handling TLS connections. I’m attempting to set up nginx to receive connections from an Amazon Dash Button (using information from Dash Button Corral). Using Ubuntu 14.04 and nginx 1.4.6 this setup is working correctly: the dash connects to my server, they exchange keys (although the key my server sends is not the one that the dash is expecting, it doesn’t actually check this), and then the dash connects to the page 2/b on my server, and everything is great. I recently upgraded to Ubuntu 15.10 with nginx 1.9.3 and something is going wrong with the TLS/SSL connection. With the same setup, my server appropriately responds to the page 2/b if I get or put there manually (from a browser, etc.) but the dash is never able to connect.
I’ve run ssldump on both setups, and it looks like on nginx 1.9.3 the connection never gets further than ServerHelloDone before the TCP FINs are sent from client to server and server to client, no client key is exchanged, and no data is exchanged (I’ve added output from ssldump with each below).
Is this an nginx configuration issue? Is there any way I can configure nginx/openssl so that these connections can go through like they did with previous setups?
I’m happy to provide more detailed configuration, log files, or other
information if needed. Thank you in advance for your help.
With nginx 1.9.3 (192.168.1.140 is the dash button, 192.168.1.21 is my server with nginx 1.9.3 on it):
New TCP connection #50: 192.168.1.140(30004) ↔ 192.168.1.21(443)
50 1 0.0090 (0.0090) C>SV3.1(49) Handshake
ClientHello
Version 3.1
random[32]=
00 00 37 5d 36 36 15 9d 59 8d da 1e ad f7 90 d7
a0 32 bd b9 c0 6f 58 6b cd 3f a0 5a a0 76 91 ca
cipher suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
50 2 0.0094 (0.0004) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
87 08 53 95 a3 9e 1b 7b f0 a8 56 cd f8 2b cc 03
94 27 3e 0e 8f 84 63 3c f5 03 e9 94 d2 1d f2 a4
session_id[32]=
d1 2b 21 f6 f6 e0 16 7b a2 a1 69 ef 18 df 3f d5
e5 50 2e bb c4 c7 b2 5d f1 b7 9c 12 5b 4b ca d1
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
50 3 0.0094 (0.0000) S>CV3.1(704) Handshake
Certificate
certificate[694]=
[removed for brevity]
50 4 0.0094 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
50 0.0271 (0.0176) C>S TCP FIN
50 0.0274 (0.0002) S>C TCP FIN
With nginx 1.4.6 (192.168.1.140 is the dash button, 192.168.1.20 is my server with nginx 1.4.6 on it):
New TCP connection #4: 192.168.1.140(30003) ↔ 192.168.1.20(443)
4 1 0.0081 (0.0081) C>SV3.1(49) Handshake
ClientHello
Version 3.1
random[32]=
00 00 34 dc c4 e3 62 d2 26 84 1e 82 be 3a 75 f3
2a c9 cf 82 f9 3d ad d8 1e 6b 5f 63 40 9f 0e 9c
cipher suites
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_RC4_128_MD5
compression methods
NULL
4 2 0.0084 (0.0003) S>CV3.1(74) Handshake
ServerHello
Version 3.1
random[32]=
20 fd 68 07 d1 e3 63 0a cf 39 b4 f8 65 e9 25 ed
09 9f c4 d9 c4 0d f2 b6 f0 82 2b f8 d9 ea 1a 3f
session_id[32]=
ea 25 8c fd 61 66 92 25 44 fb f0 74 7c 2a 4b bc
d6 76 8b 05 16 ed 4a ee 84 0b 0c 74 7f 23 b9 de
cipherSuite TLS_RSA_WITH_AES_256_CBC_SHA
compressionMethod NULL
4 3 0.0084 (0.0000) S>CV3.1(704) Handshake
Certificate
certificate[694]=
[removed for brevity]
4 4 0.0084 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
4 5 0.0548 (0.0463) C>SV3.1(262) Handshake
ClientKeyExchange
EncryptedPreMasterSecret[256]=
[removed for brevity]
4 6 0.0561 (0.0013) C>SV3.1(1) ChangeCipherSpec
4 7 0.0561 (0.0000) C>SV3.1(48) Handshake
4 8 0.0617 (0.0056) S>CV3.1(1) ChangeCipherSpec
4 9 0.0617 (0.0000) S>CV3.1(48) Handshake
4 10 0.0645 (0.0027) C>SV3.1(96) application_data
4 11 0.0647 (0.0001) C>SV3.1(64) application_data
4 12 0.0648 (0.0001) S>CV3.1(240) application_data
4 13 0.0653 (0.0004) C>SV3.1(112) application_data
4 14 0.0656 (0.0003) C>SV3.1(48) application_data
4 0.0658 (0.0001) S>C TCP FIN
4 0.0745 (0.0087) C>S TCP FIN
Posted at Nginx Forum:
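
The comparison the post makes between its two ssldump traces can be automated. The following is an added example, not part of the original post: it parses ssldump text in the layout shown above and reports, per connection, which handshake messages were seen, whether application data flowed, and which side sent the first TCP FIN. The names `summarize`, `stalled_after` and `SAMPLE` are hypothetical, and the sample input is constructed by abridging the two traces above.

```python
import re

# Record header as it appears in the post, e.g. "50 1 0.0090 (0.0090) C>SV3.1(49) Handshake"
RECORD = re.compile(r"^(\d+)\s+\d+\s+[\d.]+\s+\([\d.]+\)\s+([CS]>[CS])\s*V[\d.]+\(\d+\)\s+(\S+)")
# TCP teardown line, e.g. "50 0.0271 (0.0176) C>S TCP FIN"
FIN = re.compile(r"^(\d+)\s+[\d.]+\s+\([\d.]+\)\s+([CS]>[CS])\s+TCP FIN")
MESSAGES = {"ClientHello", "ServerHello", "Certificate", "ServerHelloDone", "ClientKeyExchange"}
# Constructed sample: the two traces from the post, abridged (hex fields dropped).
SAMPLE = """\
50 1 0.0090 (0.0090) C>SV3.1(49) Handshake
ClientHello
50 2 0.0094 (0.0004) S>CV3.1(74) Handshake
ServerHello
50 3 0.0094 (0.0000) S>CV3.1(704) Handshake
Certificate
50 4 0.0094 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
50 0.0271 (0.0176) C>S TCP FIN
50 0.0274 (0.0002) S>C TCP FIN
4 4 0.0084 (0.0000) S>CV3.1(4) Handshake
ServerHelloDone
4 5 0.0548 (0.0463) C>SV3.1(262) Handshake
ClientKeyExchange
4 10 0.0645 (0.0027) C>SV3.1(96) application_data
4 0.0658 (0.0001) S>C TCP FIN
4 0.0745 (0.0087) C>S TCP FIN
"""

def summarize(dump):
    """Return {conn_id: {handshake, app_data, first_fin}} for each connection in the dump."""
    conns, current = {}, None
    new = lambda: {"handshake": [], "app_data": False, "first_fin": None}
    for line in dump.splitlines():
        line = line.strip()
        rec, fin = RECORD.match(line), FIN.match(line)
        if rec:
            current = conns.setdefault(rec.group(1), new())
            current["app_data"] |= rec.group(3) == "application_data"
        elif fin:
            conn = conns.setdefault(fin.group(1), new())
            conn["first_fin"] = conn["first_fin"] or fin.group(2)  # keep only the first FIN
        elif current is not None and line in MESSAGES:
            current["handshake"].append(line)  # message name follows its record line
    return conns

def stalled_after(conn):
    """Last handshake message seen if the client never sent ClientKeyExchange, else None."""
    return None if "ClientKeyExchange" in conn["handshake"] else (conn["handshake"] or [None])[-1]
```

On the abridged traces, connection 50 (nginx 1.9.3) is reported as stalled after ServerHelloDone with the client sending the first FIN, while connection 4 (nginx 1.4.6) reaches ClientKeyExchange and application data.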