在提供客户端证书后,Nginx将关闭连接

时间:2017-01-04 11:13:31

标签: ssl nginx

我正在使用Nginx将我的ssl req转发到某个服务器。

我正在尝试使用firefox chrome等但没有帮助

什么应该是正确的配置,我也试图与SSL以及http_auth

一起实现

我正在使用的配置:

server {
        listen 443 default_server ssl;
        #root /var/www;
        #index index.html index.htm index.php;

        error_log /var/log/nginx/testconfg.log debug;

        ssl on;
        ssl_certificate /etc/ssl/testconfig/certs/server.crt;
        ssl_certificate_key /etc/ssl/testconfig/private/server.key;
        ssl_client_certificate /etc/ssl/testconfig/certs/ca.crt;
        ssl_crl /etc/ssl/testconfig/private/ca.crl;
        ssl_password_file /etc/ssl/testconfig/global.pass;
        ssl_verify_client optional;

        ssl_session_timeout 10m;

        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
        ssl_prefer_server_ciphers on;


        location / {
        proxy_pass http://172.16.8.50:5601;
        proxy_ssl_server_name      on;

        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

}

错误

 verify:0, error:18, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd", issuer:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
2017/01/04 11:08:23 [debug] 19105#19105: *2 verify:0, error:8, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd", issuer:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
2017/01/04 11:08:23 [debug] 19105#19105: *2 verify:1, error:8, depth:0, subject:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd", issuer:"/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL_do_handshake: 1
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL: TLSv1, cipher: "ECDHE-RSA-AES256-SHA SSLv3 Kx=ECDH Au=RSA Enc=AES(256) Mac=SHA1"
2017/01/04 11:08:23 [debug] 19105#19105: *2 reusable connection: 1
2017/01/04 11:08:23 [debug] 19105#19105: *2 http wait request handler
2017/01/04 11:08:23 [debug] 19105#19105: *2 malloc: 0000556B5D448D50:1024
2017/01/04 11:08:23 [alert] 19105#19105: *2 ignoring stale global SSL error (SSL: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib) while waiting for request, client: 165.225.106.84, server: 0.0.0.0:443
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL_read: -1
2017/01/04 11:08:23 [debug] 19105#19105: *2 SSL_get_error: 2
2017/01/04 11:08:23 [debug] 19105#19105: *2 free: 0000556B5D448D50
2017/01/04 11:08:24 [debug] 19105#19105: *2 http wait request handler
2017/01/04 11:08:24 [debug] 19105#19105: *2 malloc: 0000556B5D448D50:1024
2017/01/04 11:08:24 [debug] 19105#19105: *2 SSL_read: 0
2017/01/04 11:08:24 [debug] 19105#19105: *2 SSL_get_error: 5
2017/01/04 11:08:24 [debug] 19105#19105: *2 peer shutdown SSL cleanly
2017/01/04 11:08:24 [info] 19105#19105: *2 client closed connection while waiting for request, client: 165.225.106.84, server: 0.0.0.0:443
2017/01/04 11:08:24 [debug] 19105#19105: *2 close http connection: 3
2017/01/04 11:08:24 [debug] 19105#19105: *2 SSL_shutdown: 1
2017/01/04 11:08:24 [debug] 19105#19105: *2 event timer del: 3: 1483528163104
2017/01/04 11:08:24 [debug] 19105#19105: *2 reusable connection: 0
2017/01/04 11:08:24 [debug] 19105#19105: *2 free: 0000556B5D448D50
2017/01/04 11:08:24 [debug] 19105#19105: *2 free: 0000556B5D46F910, unused: 56

有人可以帮助我解决问题吗

0 个答案:

没有答案