Forum: NGINX peer closed connection in SSL handshake while SSL handshaking

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
2974d09ac2541e892966b762aad84943?d=identicon&s=25 gp (Guest)
on 2014-07-02 00:40
(Received via mailing list)

I am seeing an odd thing occur in the error logs. We are developing an
and when our mobile devices first hit the nginx server after waking up,
mobile device is rejecting the ssl cert. In the logs, we see that the
handshake is being closed.

[info] 1450#0: *16 peer closed connection in SSL handshake while SSL
handshaking, client: IP, server:

Oddly enough, if we hit the API again (or any subsequent time before the
device is turned off), this problem does not reoccur - only on the first

The sites are configured pretty vanilla right now:
        server_name SERVERNAME;
        listen 443;
        ssl on;
        ssl_certificate ssl/newRSA.crt;
        ssl_certificate_key ssl/newRSA.key;
        root /www;
        index index.html index.htm index.php;

If anybody has any pointers, that would be great.


Posted at Nginx Forum:,251423,251423#msg-251423
2974d09ac2541e892966b762aad84943?d=identicon&s=25 gp (Guest)
on 2014-07-02 00:40
(Received via mailing list)
I forgot to mention that this is running on Ubuntu 12.04LTS, with nginx
version: nginx/1.6.0.

Posted at Nginx Forum:,251423,251424#msg-251424
2fd0c3f17efded066208e74d8e7f307e?d=identicon&s=25 Kurt Cancemi (Guest)
on 2014-07-02 02:30
(Received via mailing list)

Could your issue be caused by this bug
< It
like Ubuntu is not going to fix this bug in precise. Also see here
In the previous link the person has the same problem and resolved it by
downgrading openssl.

There are a few solutions if you think this is your problem.

(This is a bug in OpenSSL that has been fixed in later versions.)

1. Upgrade your system openssl library. (I wouldn't recommend doing that
though as it may break other packages.)
2. Compile nginx with the latest openssl library. (Negative is that you
have to maintain your own packages and monitor for openssl security
3. Upgrade your Linux distribution to 14.04 LTS.

Kurt Cancemi
2974d09ac2541e892966b762aad84943?d=identicon&s=25 gp (Guest)
on 2014-07-02 15:03
(Received via mailing list)
Thanks for the reply. I realized this morning that this server is
running Debian Stable, not Ubuntu.

I don't think that I can downgrade the openssl package, because that
open me to heartbleed vulnerabilities. I will try standing up a dev
on Debian Testing to see if the newer openssl package fixes this issue.


Posted at Nginx Forum:,251423,251437#msg-251437
This topic is locked and can not be replied to.