ssl3_get_client_hello:no shared cipher

ssl3_get_client_hello:no shared cipher

satay
Hello

We have been having this strange issue. For the first time when a user
attempts to login to the application the login fails and we come across this
error on the nginx log. The second time the user attempts, the login is
successful.
Again if the browser is closed and an attempt is made to log in, we find the
same error.

2018/12/13 15:35:11 [info] 4337#0: *102 SSL_do_handshake() failed (SSL:
error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while
SSL handshaking, client: <IP>, server: 0.0.0.0:443

Please suggest possible reason and any fix for this.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282382,282382#msg-282382

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Re: ssl3_get_client_hello:no shared cipher

lists@lazygranch.com
On the second attempt, is the connection on port 443? Have you set up HSTS?

Maybe you can pastebin your conf file, sanitizing as appropriate.


  Original Message  
From: [hidden email]
Sent: December 13, 2018 6:20 PM
To: [hidden email]
Reply-to: [hidden email]
Subject: ssl3_get_client_hello:no shared cipher

Re: ssl3_get_client_hello:no shared cipher

satay
Hi

I am pasting the current conf file. Please review and suggest; all
connections are through port 443.

server {
    listen 443 http2 ssl;
    listen [::]:443 http2 ssl;

    server_name <url name>;
    root   /usr/share/nginx/html/Bank/;
    ssl_certificate /<path>/<name>.crt;
    ssl_certificate_key /<path>/private.key;

    #ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2;

    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";

    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    # Disable preloading HSTS for now.  You can use the commented out header line that includes
    # the "preload" directive if you understand the implications.
    #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
    underscores_in_headers on;

    error_log /var/log/nginx/error.log debug;

    location /<name>/ {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        #proxy_pass_request_headers on ;

        proxy_cookie_path /<tagname> "/; secure; HttpOnly; SameSite=lax";
        proxy_pass http://<IP>:8080/;
        sendfile off;
        expires  0;
        add_header Cache-Control private;
        add_header Cache-Control no-store;
        add_header Cache-Control no-cache;
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";

        index  index.html index.htm;

    }
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282382,282389#msg-282389
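
An added example, not part of the thread and not nginx code: a Python sketch that parses the logged handshake failure and expands the posted ssl_ciphers string with the local OpenSSL, to check which TLS 1.2 suites a given client offer would share with it. The certificate key type, the two client offers, the client address and all function names are assumptions; the suite list can differ on the server's own OpenSSL build.

```python
import re
import ssl

# ssl_ciphers value copied from the server block posted in this thread.
POSTED_CIPHERS = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"

# Matches the handshake-failure entry format shown in the first post.
HANDSHAKE_RE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL:\s+error:(?P<code>[0-9A-F]+):"
    r"[^:]*:[^:]*:(?P<reason>[^)]*)\).*?client: (?P<client>[^,]+)",
    re.S,
)

def parse_handshake_failure(entry):
    """Return (error code, reason, client) from one error-log entry, or None."""
    m = HANDSHAKE_RE.search(entry)
    return (m["code"], m["reason"].strip(), m["client"].strip()) if m else None

def server_tls12_suites(cipher_string, cert_key_type):
    """Expand a cipher string with the local OpenSSL and keep the suites a
    certificate of the given key type ("RSA" or "ECDSA") can authenticate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    # The posted block sets ssl_protocols TLSv1.2, so TLS 1.3 suites are dropped.
    names = [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]
    return [n for n in names if f"-{cert_key_type}-" in n]

def negotiate(server_suites, client_offer):
    """First server-preferred suite the client also offered, or None, which is
    the case logged as "no shared cipher"."""
    return next((s for s in server_suites if s in client_offer), None)

# Constructed inputs: the thread's log entry with a documentation-range address
# in place of <IP>, and two hypothetical client offers (OpenSSL suite names).
SAMPLE_ENTRY = (
    "2018/12/13 15:35:11 [info] 4337#0: *102 SSL_do_handshake() failed (SSL: "
    "error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while "
    "SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443"
)
LEGACY_OFFER = ["ECDHE-RSA-AES128-SHA", "AES128-SHA", "DES-CBC3-SHA"]
MODERN_OFFER = ["ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA"]

if __name__ == "__main__":
    print(parse_handshake_failure(SAMPLE_ENTRY))
    for key_type in ("RSA", "ECDSA"):
        suites = server_tls12_suites(POSTED_CIPHERS, key_type)
        for label, offer in (("legacy", LEGACY_OFFER), ("modern", MODERN_OFFER)):
            print(key_type, label, negotiate(suites, offer))
```

Replacing the constructed offers with the suite list from a real ClientHello capture of the failing first connection shows whether that client has any overlap with the posted configuration.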
