Nginx SSL Handshake Error

Question

I am getting following error in my server log :

[crit] 915#0: *46701 SSL_do_handshake() failed (SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback) while SSL handshaking, client: 187.50.199.66, server: 0.0.0.0:443

What does it mean ? How can I solve it ?

Please help me.

Answer 1

It looks, as it's connected with security bug in OpenSSL. It's nothing to do with YOUR nginx configuration. It's just indicating that your server has client which inproperly handles SSL handshakes.

What is SSL handshake?

Basically it's exchanging some messages between client and server at the beggining of each session. It consists of 6 phases:

1. Client Hello
2. Server Hello
3. Authentication and Pre-Master Secret
4. Decryption and Master Secret
5. Generate Session Keys
6. Encryption with Session Key

Read more at http://www.symantec.com/connect/blogs/how-does-ssl-work-what-ssl-handshake

To sum up - your server is raising this warning to indicate that some client is (un)intentionally breaking this procedure (for example, prematurely ending connection, or trying to open it several times in one session.

How to solve it?

If you really want to get rid of this message (it's not recommended) you can change level of error logging 9in your nginx.conf file), to something like:

error_log logs/error.log alert;

*available levels are: debug | info | notice | warn | error | crit | alert | emerg

http://nginx.org/en/docs/ngx_core_module.html#error_log