碼上歡樂
相關內容    簡體    繁體

nginx報SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO

本文轉載自   查看原文   2019-12-10 08:40   1689    Linux/ java排錯

一錯誤
2019/12/09 16:45:44 [error] 19091#0: *1 SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) while SSL handshaking to upstream, cli
ent: 172.18.122.4, server: sda.cn, request: "POST /api/tokenVerify?token=2D3B66C43CFDA04DF5D46F288F0B16B253FE48353C351BDB52D339840DB28E6427115A9ECB826CA75EBE7F6F310BEBB2DAB85DAE77780AC6B6E2F053DF23BF9788F3768F62ABF38C335C794DC79197BC&constId=&appKey=c36b3f2865c0506c9dd7dab845c1ee86&sign=4ada50fd61204702bda46f95810b42b5&ip= HTTP/1.1", upstream: "https://74.208.236.192:443/api/tokenVerify?token=2D3B66C43CFDA04DF5D46F288F0B16B253FE48353C351BDB52D339840DB28E6427115A9ECB826CA75EBE7F6F310BEBB2DAB85DAE77780AC6B6E2F053DF23BF9788F3768F62ABF38C335C794DC79197BC&constId=&appKey=c36b3f2865c0506c9dd7dab845c1ee86&sign=4ada50fd61204702bda46f95810b42b5&ip=", host: "192.168.2.241:10443"
二解決
在nginx 1.7中,可以使用這個指令:

proxy_ssl_server_name on;
迫使nginx使用SNI

proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 #請按照這個協議配置
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #請按照這個套件配置,配置加密套件,寫法遵循 openssl 標准。
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;
     proxy_connect_timeout 600;
     proxy_read_timeout 600;
     proxy_send_timeout 600;
     #防止hand
     proxy_ssl_server_name on;
        location / {
           #網站主頁路徑。此路徑僅供參考,具體請您按照實際目錄操作。
         #root /var/www/www.domain.com;
         index  /templates/loading.html;
        }
        location ~.*abnol/* {
           proxy_pass   http://tomcatWeb;
         # proxy_pass   http://192.16.2.205:8090;
         # proxy_pass   http://localhost:8088;
        }
        location ~.*api/tokenVerify* {
           proxy_pass   https://cap.dingxiang-inc.com;
        }

    }

}

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



猜您在找 nginx 報錯:[crit] 12456#0: *5 SSL_do_handshake() failed (SSL: error:1408A0A0:SSL routines:SSL3_GET_CLIENT_HELLO nginx 握手失敗SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) _ssl.c:510: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure wget 報錯 OpenSSL: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failur urllib2.URLError: ` composer在update時提示file could not be downloaded: SSL operation failed with code 1. OpenSSL Error messages: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO git error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version Errnoerror:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version OpenSSL: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM