Hello! On Tue, Dec 30, 2014 at 09:44:17AM +0000, Edward Hibbert wrote:
> I am trying to set up a reverse proxy which handles SSL. This is my first > time, so I may be doing something stupid. > > On the NGINX which is acting as a proxy I get this: > > SSL_do_handshake() failed (SSL: error:140770FC:SSL > routines:SSL23_GET_SERVER_HELLO:unknown protocol) while SSL handshaking to > upstream, > > On the NGINX which is upstream I am configured to only accept TLS, because > of recent SSL security problems. > > ssl_protocols TLSv1.2 TLSv1.1 TLSv1; > > I would guess that the problem here is that NGINX is opening the proxy > connection using the wrong SSL protocol. Is there a way to control which > protocol it uses for the proxy connection? There is the "proxy_ssl_protocols" directive to control which protocols are allowed while connecting to upstream HTTPS servers, see http://nginx.org/r/proxy_ssl_protocols for details. By default it allows SSLv3 and above, so it should be fine with the ssl_protocols you configured. The message you are seeing may appear if you've accidentally set "proxy_ssl_protocols SSLv3" though. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
