Hello! On Fri, Oct 18, 2013 at 06:01:14PM +0000, Agent Coulson wrote:
> I am able to reproduce the following error when I have nginx configured > with an upstream https connection. I have tweaked various settings all to > no avail (proxy_buffer_size, proxy_buffers, proxy_ssl_session_reuse). > > 2013/10/18 17:17:31 [debug] 15644#0: *39 SSL_read: -1, SSL_pending: 16384 > 2013/10/18 17:17:31 [debug] 15644#0: *39 SSL_get_error: 1 > 2013/10/18 17:17:31 [error] 15644#0: *39 SSL_read() failed (SSL: > error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record > mac) while sending to client, client: 127.0.0.1, server: -, request: "GET > /test-1 HTTP/1.1", upstream: "https://x.x.x.x:443/test-1";, host: > "localhost:1182" I tend to think it's highly unlikely it's a problem in nginx. Most likely, it's a problem either in OpenSSL library used on nginx side, or in SSL implementation used on a backend. First thing I would recommend to test is to make sure you are able to reporoduce the problem: 1. Using nginx statically compiled with a known version of the OpenSSL library (--with-openssl=..., with sources from openssl.org). 2. Using the same nginx as a backend. [...] > I've seen a bug report on this too (http://trac.nginx.org/nginx/ticket/215), > so thought i would send this here to see if anyone else is actively working > on the issue. As of now, no one provided enough steps to reproduce the problem. And, see above, most likely the problem is not in nginx. -- Maxim Dounin http://nginx.org/en/donation.html _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
