Score:0

Suddenly getting SSL handshake errors

I have a site https://www.sqeazy.com on an Ubuntu 18.04.1 AWS Lightsail VM running an nginx webserver and using Letsencrypt certbot SSL. The site was running without problems, but when I checked it today, the client browser returned ERR_TOO_MANY_REDIRECTS and the nginx error log shows

[crit] 2707#2707: *768 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, 

The Certbot certificate is still valid. I have tested with multiple devices and browsers and get the same / similar error.

I have been googling but cannot find a plausible explanation. One thing that has happened is that my devices updated to GMT (from BST) yesterday - but this has not affected other servers/sites that are configured in the same way.

Any help appreciated.

nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

nginx /sites-enabled/sqeazy.conf

# the upstream component nginx needs to connect to
upstream django {
    server unix:///home/ubuntu/sqeazy/sqeazy.sock;
}

# configuration of the server
server {
    server_name sqeazy.com www.sqeazy.com;
    charset     utf-8;

    # max upload size
    client_max_body_size 75M;

    # Django media and static files
    location /media  {
        alias /home/ubuntu/sqeazy/media;
    }
    location /static {
        alias /home/ubuntu/sqeazy/static;
    }

    # Send all non-media requests to the Django server.
    location / {
        uwsgi_pass  django;
        include     /home/ubuntu/sqeazy/uwsgi_params;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sqeazy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sqeazy.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.sqeazy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = sqeazy.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen      80;
    server_name sqeazy.com www.sqeazy.com;
    return 404; # managed by Certbot
}

Paul:
Please post the nginx configuration.
Paul:
Please post the contents of the files or symlinked files in `/etc/sites-enabled/*` as they relate to the problem domain.
RevenueNexus:
I have traced the problem. We had an exceptionally high level of requests and exceeded our limit on a request we make for user location to ipstack.com which caused an error on the site back-end. So it would seem that this SSL handshake error can be caused by no response from the server.
Paul:
Please either post an answer and accept or delete the question. SE forces questions without accepted answers to the top of the queue on a rotating basis, so your question will for a decade or more keep cycling through and annoying the regulars.
Score:0

I have traced the problem. We had an exceptionally high level of requests and exceeded our limit on a request we make for user location to ipstack.com which caused an error on the site back-end.

So it would seem that this SSL handshake error can be caused by no response from the server.
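
An added example, not part of the original posts: a small Python tally of nginx `error_log` entries that separates `SSL_do_handshake()` failures (grouped by OpenSSL reason string and client) from other errors such as upstream failures, so the two can be looked at independently. The log lines are constructed in nginx's error-log format, and the timestamps and client addresses are placeholders, not values from the question.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in nginx error_log format; timestamps and client
# addresses (documentation ranges) are placeholders, not data from the post.
SAMPLE_LOG = """\
2018/10/29 09:14:02 [crit] 2707#2707: *768 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2018/10/29 09:14:05 [crit] 2707#2707: *771 SSL_do_handshake() failed (SSL: error:14209102:SSL routines:tls_early_post_process_client_hello:unsupported protocol) while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2018/10/29 09:15:40 [info] 2707#2707: *802 SSL_do_handshake() failed (SSL: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher) while SSL handshaking, client: 198.51.100.23, server: 0.0.0.0:443
2018/10/29 09:16:11 [error] 2707#2707: *810 upstream prematurely closed connection while reading response header from upstream, client: 192.0.2.55, server: sqeazy.com, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///home/ubuntu/sqeazy/sqeazy.sock:", host: "www.sqeazy.com"
"""

# Matches the first OpenSSL error in a handshake failure; the client field is
# optional because log excerpts are often cut off before it.
HANDSHAKE_RE = re.compile(
    r"\[(?P<level>\w+)\] .*?SSL_do_handshake\(\) failed "
    r"\(SSL: error:(?P<code>[0-9A-Fa-f]+):[^:]*:(?P<func>[^:]*):(?P<reason>[^)]*)\)"
    r"(?:.*?client: (?P<client>[^,\s]+))?"
)


def summarize(log_text):
    """Return (reason counts, clients per reason, non-handshake lines)."""
    reasons = Counter()
    clients = defaultdict(set)
    other = []
    for line in log_text.splitlines():
        m = HANDSHAKE_RE.search(line)
        if m:
            reason = m.group("reason").strip()
            reasons[reason] += 1
            clients[reason].add(m.group("client") or "unknown")
        elif line.strip():
            other.append(line)  # e.g. upstream/uwsgi errors
    return reasons, dict(clients), other


if __name__ == "__main__":
    reasons, clients, other = summarize(SAMPLE_LOG)
    for reason, count in reasons.most_common():
        print(f"{count:4d}  {reason}  clients={sorted(clients[reason])}")
    print(f"{len(other)} non-handshake error line(s):")
    for line in other:
        print("   ", line[:100])
```
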
