504 SSL_do_handshake() failed

A similar problem to below case occurred in mine.
http://forum.nginx.org/read.php?2,144108,222098#msg-222098

Following is the ssl server configuration.
At first I used AJP.
But after I could not find a corresponding directive to
proxy_ssl_session_reuse, I changed to proxy.

upstream loadbalancer {
server 127.0.0.1:8080;

keepalive 100;
}

server {
listen 443 default ssl;
ssl on;

location / {
#access_log off;
#ajp_pass loadbalancer;
proxy_pass http://loadbalancer;
proxy_ssl_session_reuse off;
}
}

Here’s the error log:
2012/02/08 15:03:49 [info] 13273#0: *1 SSL_do_handshake() failed (SSL:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown) while SSL handshaking,

Any help would be greatly appreciated!
Thanks in advance!

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,222128,222128#msg-222128

Does [OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008] have any problem with
nginx-0.8.54?

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,222128,222133#msg-222133

09 февраля 2012, 10:10 от “zealot83” [email protected]:

Does [OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008] have any problem with
nginx-0.8.54?

There have been a couple of OpenSSL-related bugfixes since,
so try upgrading both OpenSSL and nginx first. You should
definitely upgrade OpenSSL because the version you’re using
has a serious vulnerability:

http://www.cvedetails.com/cve/CVE-2010-4180/

Max

09 февраля 2012, 05:06 от “zealot83” [email protected]:

#access_log off;
#ajp_pass loadbalancer;
proxy_pass http://loadbalancer;
proxy_ssl_session_reuse off;
}
}

Here’s the error log:
2012/02/08 15:03:49 [info] 13273#0: *1 SSL_do_handshake() failed (SSL:
error:14094416:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate
unknown) while SSL handshaking,

You’re probably using a self-signed certificate?
First sync the time on all the servers and clients
using NTP, then try using different browsers
(other than Firefox and IE) and curl.

If the problem persists, sync the time on the
server again and regenerate the certificate.
If that doesn’t help, post your complete nginx.conf,
the output of “nginx -V” and “uname -a”, and the
the version of OpenSSL on the server where you
compiled nginx.

Max

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs