Hello.
I use nginx 1.13.6 as server for mutual tls auth with clients certs
During ab test I get errors ssl read failed(5) closing connection
In nginx log (debug mode) I get
2019/01/21 23:50:01 [debug] 26#26: *27497 http check ssl handshake
2019/01/21 23:50:01 [debug] 26#26: *27497 http recv(): 1
2019/01/21 23:50:01 [debug] 26#26: *27497 https ssl handshake: 0x16
2019/01/21 23:50:01 [debug] 26#26: *27497 tcp_nodelay
2019/01/21 23:50:01 [debug] 26#26: *27497 SSL server name: "meteotravel.ru"
2019/01/21 23:50:01 [debug] 26#26: *27497 SSL_do_handshake: -1
2019/01/21 23:50:01 [debug] 26#26: *27497 SSL_get_error: 2
2019/01/21 23:50:01 [debug] 26#26: *27497 reusable connection: 0
2019/01/21 23:50:02 [debug] 26#26: *27497 SSL handshake handler: 0
2019/01/21 23:50:02 [debug] 26#26: *27497 SSL_do_handshake: -1
2019/01/21 23:50:02 [debug] 26#26: *27497 SSL_get_error: 5
2019/01/21 23:50:02 [info] 26#26: *27497 peer closed connection in SSL
handshake while SSL handshaking, client: 10.244.5.0, server: 0.0.0.0:443
2019/01/21 23:50:02 [debug] 26#26: *27497 close http connection: 25
2019/01/21 23:50:02 [debug] 26#26: *27497 event timer del: 25: 1548114661807
2019/01/21 23:50:02 [debug] 26#26: *27497 reusable connection: 0
2019/01/21 23:50:02 [debug] 26#26: *27497 free: 0000557A448A4B10, unused: 146
2019/01/21 23:50:02 [debug] 19#19: accept on 0.0.0.0:443, ready: 0
2019/01/21 23:50:02 [debug] 19#19: posix_memalign: 0000557A448DB650:512 @16
2019/01/21 23:50:02 [debug] 19#19: *27498 accept: 10.244.5.0:44670 fd:35
2019/01/21 23:50:02 [debug] 19#19: *27498 event timer add: 35: 60000:
1548114662323
nginx -V
nginx version: nginx/1.13.6
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.11)
built with OpenSSL 1.1.0h 27 Mar 2018
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-ld-opt=-Wl,-rpath,/usr/local/lib --add-module=/usr/app/ngx_devel_kit-0.3.0 --add-module=/usr/app/lua-nginx-module-0.10.13 --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=root --group=www-data --user=www-data --group=www-data --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
root@cpronginx-4tnz7:/var/log/nginx# openssl version
OpenSSL 1.1.0h 27 Mar 2018
How to solve this problem
nginx version: nginx/1.13.6
built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.11)
built with OpenSSL 1.1.0h 27 Mar 2018
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --with-ld-opt=-Wl,-rpath,/usr/local/lib --add-module=/usr/app/ngx_devel_kit-0.3.0 --add-module=/usr/app/lua-nginx-module-0.10.13 --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=root --group=www-data --user=www-data --group=www-data --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
root@cpronginx-4tnz7:/var/log/nginx# openssl version
OpenSSL 1.1.0h 27 Mar 2018
How to solve this problem
--
С уважением, Алексей.
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
