> On 6 Nov 2019, at 22:41, mogwai <nginx-fo...@forum.nginx.org> wrote: > > My first question is regarding the particular error log messages produced > during the attack - see example below: > > [info] 8050#8050: *146 SSL_do_handshake() failed (SSL: error:14094416:SSL > routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number > 46) while SSL handshaking, client: XXX.XXX.XXX.XXX, server: 0.0.0.0:443 > > The "certificate unknown" seems to suggest that nginx is trying to verify > the certificate of the client, yet "ssl_verify_client" should be off by > default, so why does nginx care about that certificate?
That's opposite: nginx received a certificate_unknown alert message from a client for some reason while in handshake. -- Sergey Kandaurov _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
