堆栈内存溢出
  简体   繁体   English

Nginx SSL握手错误

[英]Nginx SSL Handshake Error

 原文  2014-12-05 03:52:46       linux/ ubuntu/ nginx/ server

问题描述

I am getting following error in my server log : 我在服务器日志中收到以下错误:

[crit] 915#0: *46701 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: 187.50.199.66, server: 0.0.0.0:443 [crit] 915#0:* 46701 SSL_do_handshake()失败(SSL:错误:140A1175:SSL例程:SSL_BYTES_TO_CIPHER_LIST:不适当的回退),而SSL握手,客户端:187.50.199.66,服务器:0.0.0.0:443

What does it mean ? 这是什么意思 ? How can I solve it ? 我该如何解决?

Please help me. 请帮我。

1 个解决方案

解决方案1
 2  2015-03-02 19:37:15

It looks, as it's connected with security bug in OpenSSL . 它看起来,因为它与OpenSSL中的安全漏洞有关 It's nothing to do with YOUR nginx configuration. 这与你的nginx配置无关。 It's just indicating that your server has client which inproperly handles SSL handshakes. 它只是表明您的服务器具有不正确处理SSL握手的客户端。

What is SSL handshake? 什么是SSL握手?

Basically it's exchanging some messages between client and server at the beggining of each session. 基本上它是在每个会话的开始时在客户端和服务器之间交换一些消息。 It consists of 6 phases: 它由6个阶段组成:

  1. Client Hello 客户你好
  2. Server Hello 服务器你好
  3. Authentication and Pre-Master Secret 身份验证和预主密钥
  4. Decryption and Master Secret 解密和主要秘密
  5. Generate Session Keys 生成会话密钥
  6. Encryption with Session Key 使用会话密钥加密

Read more at http://www.symantec.com/connect/blogs/how-does-ssl-work-what-ssl-handshake 有关详细信息, 请访问http://www.symantec.com/connect/blogs/how-does-ssl-work-what-ssl-handshake

To sum up - your server is raising this warning to indicate that some client is (un)intentionally breaking this procedure (for example, prematurely ending connection, or trying to open it several times in one session. 总结一下 - 您的服务器发出此警告以指示某个客户端(非)故意破坏此过程(例如,过早结束连接,或尝试在一个会话中多次打开它。

How to solve it? 怎么解决?

If you really want to get rid of this message (it's not recommended) you can change level of error logging 9in your nginx.conf file), to something like: 如果您真的想要删除此消息(不建议这样做),您可以在nginx.conf文件中更改错误日志记录9),如下所示: 

error_log logs/error.log alert;

*available levels are: debug | *可用级别为:debug | info | 信息| notice | 通知| warn | 警告| error | 错误| crit | 暴击| alert | 警报| emerg EMERG

http://nginx.org/en/docs/ngx_core_module.html#error_log http://nginx.org/en/docs/ngx_core_module.html#error_log

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Nginx SSL子域错误 - nginx ssl subdomain error 在KAFKA中启用SSL时获取SSL握手错误 - Getting SSL handshake error while Enabling SSL in KAFKA CHECK_NRPE:错误 - 无法完成SSL握手 - CHECK_NRPE: Error - Could not complete SSL handshake grpc ++中的SSL握手错误(CERTIFICATE_VERIFY_FAILED) - SSL handshake error (CERTIFICATE_VERIFY_FAILED) in grpc++ 在Linux上运行的Java应用程序在某些网站上收到SSL握手错误 - Java app running on Linux is getting an SSL handshake error on certain websites CHECK_NRPE:错误 - 无法完成SSL握手并且无法通过SSH进入框或本地访问它 - CHECK_NRPE: Error - Could not complete SSL handshake AND cannot SSH into box or access it locally Linux中的Java SSL握手失败,但OSX和Windows中没有 - Java SSL handshake failure in Linux but not in OSX and Windows python中使用ssl握手失败如何解决? - How to solve the handshake failure using ssl in python? OpenLiteSpeed 性能不佳和 SSL 握手失败 (5) - OpenLiteSpeed Poor Performance and SSL handshake failed(5) SSL_do_handshake()被卡住 - SSL_do_handshake() get stuck
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM