Re: SSl Errors

2019-01-22 Thread Алексей
I use kubernetes cluster with haproxy-ingress in tcp mode to transfer traffic to more nginx servers that will terminate ssl connections https://github.com/jcmoraisjr/haproxy-ingress and there are some configs that are specified
Config for daemonset with haproxy-ingress
data:
  proxy-body-size: "20m"

Re: SSl Errors

2019-01-22 Thread Maxim Dounin
Hello! On Mon, Jan 21, 2019 at 11:59:25PM +0300, Алексей wrote: > I use nginx 1.13.6 as server for mutual tls auth with clients certs Note that 1.13.6 is a mainline version which has not been supported since the release of 1.13.7 on 21 Nov 2017. You may want to upgrade to a more recent version, e.g.

SSl Errors

2019-01-21 Thread Алексей
Hello. I use nginx 1.13.6 as server for mutual tls auth with clients certs. During ab test I get errors ssl read failed(5) closing connection. In nginx log (debug mode) I get
2019/01/21 23:50:01 [debug] 26#26: *27497 http check ssl handshake
2019/01/21 23:50:01 [debug] 26#26: *27497 http recv(): 1
2019/0

Re: SSL errors, verbosity level

2018-07-16 Thread Frank Liu
Thanks Maxim and those two patches are now merged upstream: http://mailman.nginx.org/pipermail/nginx-devel/2018-July/011287.html http://mailman.nginx.org/pipermail/nginx-devel/2018-July/011288.html On Fri, Jul 13, 2018 at 4:13 AM, Richard Stanway wrote: > I'd also like to voice support for havi

Re: SSL errors, verbosity level

2018-07-13 Thread Richard Stanway
I'd also like to voice support for having this patch upstream. I've been using a similar patch ever since requiring TLS 1.2 as the error log is filled with "critical" version errors otherwise. On Wed, Jul 11, 2018 at 9:03 PM shiz wrote: > > Since you are using newer openssl, you may want to appl

Re: SSL errors, verbosity level

2018-07-11 Thread shiz
> Since you are using newer openssl, you may want to apply this patch I agree, many thanks to Piotr Sikora and to you, Frank! 2nd patch applied as well. My error log is a lot more readable now. I can see those real critical messages without being cluttered by meaningless/unfixable SSL issues.

Re: SSL errors, verbosity level

2018-07-11 Thread Frank Liu
Glad it works and thanks Piotr Sikora for the patch! Since you are using newer openssl, you may want to apply this patch: https://nginx.googlesource.com/nginx/+/ec0b8aad6ca3cb37e03d1c06e42f110e4737af1f%5E%21/ On Wed, Jul 11, 2018 at 6:18 AM, shiz wrote: > > Those unsupported ssl version messag

Re: SSL errors, verbosity level

2018-07-11 Thread shiz
> Those unsupported ssl version messages should be in "info" level That is a very useful patch, many thanks Frank Posted at Nginx Forum: https://forum.nginx.org/read.php?2,280446,280496#msg-280496

Re: SSL errors, verbosity level

2018-07-10 Thread Frank Liu
Those unsupported ssl version messages should be in "info" level instead of "crit", just like other SSL related errors. Applying below patch should make your error log cleaner: https://nginx.googlesource.com/nginx/+/6853c9c868504432ffadb8a7ca58ce8e50a83450%5E%21/ On Sat, Jul 7, 2018 at 8:38 AM, s

Re: SSL errors, verbosity level

2018-07-10 Thread shiz
> You may want to update OpenSSL. Thanks but I did and almost zero browser was able to use draft 26 or 28. Therefore I downgraded OpenSSL from 1.1.1-pre8 to 1.1.1-pre2 (draft 23). Although TLS 1.3 has been finalized, OpenSSL 1.1.1 is still a work in progress. Tested with latest Opera, Palemoon, B

Re: SSL errors, verbosity level

2018-07-10 Thread Sergey Kandaurov
> On 7 Jul 2018, at 18:38, shiz wrote: > > Hi, > > I see those messages in my error logs daily. > > ``` > 2018/07/07 08:01:32 [crit] 31935#31935: *342781 SSL_do_handshake() failed > (SSL: error:14209102:SSL > routines:tls_early_post_process_client_hello:unsupported protocol) while SSL > hands

SSL errors, verbosity level

2018-07-07 Thread shiz
Hi, I see those messages in my error logs daily. ``` 2018/07/07 08:01:32 [crit] 31935#31935: *342781 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 173.208.91.177, server: 0.0.0.0:443 2018/07/07