I am having a very weird problem with safari on nginx which is hosting my server. The ssl handshake fails and give a server certificate warning pop-up and I get this in nginx debug logs
nginx logs
2013/11/01 23:27:59 [debug] 16494#0: *240 http recv(): 1
2013/11/01 23:27:59 [debug] 16494#0: *240 https ssl handshake: 0x16
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL server name: "www.unitedwifi.com"
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_do_handshake: -1
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_get_error: 2
2013/11/01 23:27:59 [debug] 16494#0: *240 reusable connection: 0
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL handshake handler: 0
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL_do_handshake: 1
2013/11/01 23:27:59 [debug] 16494#0: *240 SSL: TLSv1, cipher: "ECDHE-RSA-AES128-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1"
2013/11/01 23:27:59 [debug] 16494#0: *240 reusable connection: 1
After searching online the only reason that I can think of is ssl renegotiation which according to some posts is still not supported by safari. With other browsers I dont see any problem.ALso unitedwifi.com is a portal that I host on my VPN Is there a way in nginx to disable renegotiation from conf file? ANy suggestions to fix this?
Nginx doesn't allow renegotiation since 0.7.64 or 0.8.23. And I don't see any renegotiation in the debug log that you have provided.
Changes with nginx 0.8.23 11 Nov 2009
*) Security: now SSL/TLS renegotiation is disabled.
Thanks to Maxim Dounin.
Most likely, that certificate warning pop-up has nothing to do with nginx, but is related to certificate itself.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.