I am seeing an odd thing occur in the error logs. We are developing an API, and when our mobile devices first hit the nginx server after waking up, the mobile device is rejecting the SSL cert. In the logs, we see that the SSL handshake is being closed.

[info] 1450#0: *16 peer closed connection in SSL handshake while SSL handshaking, client: IP, server: 0.0.0.0:443

Oddly enough, if we hit the API again (or any subsequent time before the device is turned off), this problem does not reoccur - only on the first access.

The sites are configured pretty vanilla right now:
server_name SERVERNAME;
listen 443;
ssl on;
ssl_certificate ssl/newRSA.crt;
ssl_certificate_key ssl/newRSA.key;
root /www;
index index.html index.htm index.php;

There are a few solutions if you think this is your problem. (This is a bug in OpenSSL that has been fixed in later versions.)
Upgrade your system openssl library. (I wouldn’t recommend doing that though as it may break other packages.)
Compile nginx with the latest openssl library. (Negative is that you have to maintain your own packages and monitor for openssl security vulnerabilities.)

Thanks for the reply. I realized this morning that this server is actually running Debian Stable, not Ubuntu.
I don’t think that I can downgrade the openssl package, because that would open me to Heartbleed vulnerabilities. I will try standing up a dev server on Debian Testing to see if the newer openssl package fixes this issue.
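
An added example, not part of the original thread or any poster's code: one way to confirm the "first handshake aborts, retry succeeds" pattern described in the first post is to correlate handshake aborts in the nginx error log with later successful requests from the same client in the access log. The log lines, IP addresses, request paths and the 10-second window are constructed for illustration, and both logs are assumed to use the same timezone and the default combined access log format.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (documentation IP ranges); not taken from the thread.
ERROR_LOG = """\
2014/04/15 09:12:01 [info] 1450#0: *16 peer closed connection in SSL handshake while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2014/04/15 09:30:44 [info] 1450#0: *52 peer closed connection in SSL handshake while SSL handshaking, client: 198.51.100.9, server: 0.0.0.0:443
2014/04/15 10:05:10 [info] 1450#0: *71 peer closed connection in SSL handshake while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
"""
ACCESS_LOG = """\
203.0.113.7 - - [15/Apr/2014:09:12:03 +0000] "GET /api/status HTTP/1.1" 200 512 "-" "app/1.0"
203.0.113.7 - - [15/Apr/2014:09:12:40 +0000] "GET /api/items HTTP/1.1" 200 2048 "-" "app/1.0"
203.0.113.7 - - [15/Apr/2014:10:05:12 +0000] "GET /api/status HTTP/1.1" 200 512 "-" "app/1.0"
"""

ERR_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[info\] "
    r".*peer closed connection in SSL handshake.*client: ([^,\s]+)"
)
ACC_RE = re.compile(r"^(\S+) \S+ \S+ \[([^\] ]+) [^\]]+\] ")


def classify(error_log, access_log, window=timedelta(seconds=10)):
    """Label each handshake abort 'retry_ok' if the same client completed
    a request within `window` afterwards, otherwise 'no_retry'."""
    requests = {}
    for line in access_log.splitlines():
        m = ACC_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S")
            requests.setdefault(m.group(1), []).append(ts)

    results = []
    for line in error_log.splitlines():
        m = ERR_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        client = m.group(2)
        ok = any(ts <= r <= ts + window for r in requests.get(client, []))
        results.append((client, m.group(1), "retry_ok" if ok else "no_retry"))
    return results


if __name__ == "__main__":
    for row in classify(ERROR_LOG, ACCESS_LOG):
        print(*row)
```

Aborts labelled `retry_ok` match the symptom in the thread; aborts labelled `no_retry` are more likely unrelated clients that never completed a handshake.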