 

Nginx SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share

I got this error in nginx error log:

SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking

I use Let's Encrypt currently. Any ideas to solve this problem? Thank you, guys.

asked Jan 23 '21 01:01 by Justin




1 Answer

This isn't your problem.

The best thing you can do in this situation is just to keep your server reasonably updated and secured.

At best for you, the client side of a request was running seriously outdated software, and at worst your server is simply being scanned for vulnerabilities by compromised devices connected to the internet.

Personally I lean in the direction of this being scanning, as I myself see these errors on a private development server, to which only I should ever have a legitimate reason to connect, yet I see a ton of IP addresses mentioned by the error from around the world.

A similar question and answer have already been provided here: https://serverfault.com/questions/905011/nginx-ssl-do-handshake-failed-ssl-error1417d18cssl/905019

Stay safe.

answered Sep 19 '22 14:09 by stack3r
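The error string in the question is OpenSSL's own: `tls_parse_ctos_key_share` is the function that parses the TLS 1.3 key_share extension of a ClientHello, and `bad key share` means the client's key_share entry did not parse as a valid key for a group the client itself offered. That is a malformed ClientHello from the client side, so no nginx `ssl_*` setting changes it; what a practitioner actually wants is a way to tell background scanner noise (many IPs, one or two failures each, as the answer describes) from a single client that keeps failing and may deserve a look. The script below is an added example, not code from the question or the answer. It assumes the nginx error-log line shape shown in the question (`SSL_do_handshake() failed (SSL: error:...) while SSL handshaking, client: ..., server: ...`), and the sample log it runs over is constructed here, not real traffic; the `[crit]` level, connection numbers and IPs in it are made up.

```python
"""Triage nginx SSL_do_handshake() failures from the error log (added example)."""
import re
from collections import Counter, defaultdict

# Shape of an nginx error-log line for a failed TLS handshake; the
# "SSL routines:<function>:<reason>" part is OpenSSL's error string.
HANDSHAKE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] "
    r"\d+#\d+: \*\d+ SSL_do_handshake\(\) failed "
    r"\(SSL: error:(?P<code>[0-9A-Fa-f]+):SSL routines:(?P<func>\w+):(?P<reason>[^)]+)\) "
    r"while SSL handshaking, client: (?P<client>[^,]+), server: (?P<server>\S+)"
)

# Short triage notes for OpenSSL reasons commonly seen on a public nginx
# endpoint. None of these is a server-side misconfiguration by itself.
REASON_NOTES = {
    "bad key share": "TLS 1.3 key_share did not parse as a valid key for a group "
                     "the client offered (malformed ClientHello)",
    "version too low": "client offered a protocol version below ssl_protocols",
    "no shared cipher": "no overlap between the client's cipher list and ssl_ciphers",
}


def parse_handshake_failure(line):
    """Return the fields of a handshake-failure line, or None for any other line."""
    m = HANDSHAKE_RE.match(line.strip())
    return m.groupdict() if m else None


def summarize(lines):
    """Aggregate handshake failures by OpenSSL reason and by client IP."""
    events = [e for e in map(parse_handshake_failure, lines) if e]
    reasons_by_client = defaultdict(set)
    for e in events:
        reasons_by_client[e["client"]].add(e["reason"])
    return {
        "total": len(events),
        "by_reason": Counter(e["reason"] for e in events),
        "by_client": Counter(e["client"] for e in events),
        "reasons_by_client": dict(reasons_by_client),
    }


def classify(summary, repeat_threshold=3):
    """Split one-off sources (scanner/bot noise) from clients that keep failing.

    A repeat client is worth a closer look: either a real user on an outdated
    TLS stack, or one source hammering the endpoint."""
    repeat = sorted(ip for ip, n in summary["by_client"].items() if n >= repeat_threshold)
    one_off = sum(1 for n in summary["by_client"].values() if n < repeat_threshold)
    return {"repeat_clients": repeat, "one_off_clients": one_off}


def report(lines, repeat_threshold=3):
    """Human-readable triage lines for the given error-log lines."""
    s = summarize(lines)
    c = classify(s, repeat_threshold)
    out = [f"{s['total']} handshake failures from {len(s['by_client'])} client IPs"]
    for reason, n in s["by_reason"].most_common():
        out.append(f"  {n:4d}  {reason}: {REASON_NOTES.get(reason, 'see OpenSSL error string')}")
    out.append(f"  {c['one_off_clients']} IPs failed fewer than {repeat_threshold} times (scanner/bot noise)")
    for ip in c["repeat_clients"]:
        out.append(f"  repeat client {ip}: {s['by_client'][ip]} failures, "
                   f"reasons {sorted(s['reasons_by_client'][ip])}")
    return out


def _line(ts, code, func, reason, client):
    """Build one constructed error-log line in the shape nginx writes."""
    return (f"{ts} [crit] 1234#1234: *56 SSL_do_handshake() failed "
            f"(SSL: error:{code}:SSL routines:{func}:{reason}) "
            f"while SSL handshaking, client: {client}, server: 0.0.0.0:443")


# Constructed sample log (not real traffic): three one-off "bad key share"
# hits, one "version too low", one client failing five times on ciphers, and
# one unrelated error line the parser must ignore.
SAMPLE_LOG = [
    _line("2021/01/23 01:01:00", "141CF06C", "tls_parse_ctos_key_share", "bad key share", "203.0.113.5"),
    _line("2021/01/23 01:04:12", "141CF06C", "tls_parse_ctos_key_share", "bad key share", "198.51.100.7"),
    _line("2021/01/23 01:09:31", "1417D18C", "tls_process_client_hello", "version too low", "192.0.2.44"),
    _line("2021/01/23 01:15:02", "141CF06C", "tls_parse_ctos_key_share", "bad key share", "203.0.113.77"),
    '2021/01/23 01:16:00 [error] 1234#1234: *60 open() "/var/www/html/favicon.ico" failed (2: No such file or directory)',
] + [
    _line(f"2021/01/23 01:20:{sec:02d}", "1417A0C1", "tls_post_process_client_hello",
          "no shared cipher", "198.51.100.200")
    for sec in range(5)
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

Run it against the real file with something like `report(open("/var/log/nginx/error.log").read().splitlines())`; lines that are not handshake failures are ignored. On a typical public server the output is dominated by one-off IPs, which matches the answer's reading of this error as scanning noise, while any IP listed as a repeat client is the one to check against a known user before touching `ssl_protocols` or `ssl_ciphers`.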