I am trying to set up a reverse proxy which handles SSL. This is my
first
time, so I may be doing something stupid.
On the NGINX which is acting as a proxy I get this:
SSL_do_handshake() failed (SSL: error:140770FC:SSL
routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking
to
upstream,
On the NGINX which is upstream I am configured to only accept TLS,
because
of recent SSL security problems.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
I would guess that the problem here is that NGINX is opening the proxy
connection using the wrong SSL protocol. Is there a way to control
which
protocol it uses for the proxy connection?
On Tue, Dec 30, 2014 at 09:44:17AM +0000, Edward Hibbert wrote:
of recent SSL security problems.
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
I would guess that the problem here is that NGINX is opening the proxy
connection using the wrong SSL protocol. Is there a way to control which
protocol it uses for the proxy connection?
There is the “proxy_ssl_protocols” directive to control which
protocols are allowed while connecting to upstream HTTPS servers,
see Module ngx_http_proxy_module for details. By
default it allows SSLv3 and above, so it should be fine with the
ssl_protocols you configured. The message you are seeing may
appear if you’ve accidentally set “proxy_ssl_protocols SSLv3”
though.