id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	uname	nginx_version
1361	SSL: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol	iHeadRu@…		"nginx почему-то не может проксировать к некоторым https-сайтам.

Упрощенный конфиг, воспроизводящий проблему, выглядит так
    server {
            listen      127.0.0.1:443 ssl default;
            listen      ***:443 ssl default;
            server_name _;

            ssl_certificate      /usr/local/nginx/conf/cert.pem;
            ssl_certificate_key  /usr/local/nginx/conf/key.pem;

            location / {
                #proxy_ssl_protocols TLSv1.2; - не помогает, ошибка та же
                proxy_pass https://$host:443;
            }
    }

2017/08/21 14:46:44 [crit] 20127#0: *28079 SSL_do_handshake() failed (SSL: error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol) while SSL
handshaking to upstream, client: 192.168.***, server: _, request: ""GET / HTTP/1.1"", upstream: ""https://104.18.52.205:443/"", host: ""react.semantic-ui.com"",
referrer: ""http://react.semantic-ui.com/""

При этом прямой запрос через curl проходит нормально.

В чем может быть дело?"	defect	closed	minor		other	1.13.x	invalid			FreeBSD ***.ihead.ru 11.1-RELEASE-p1 FreeBSD 11.1-RELEASE-p1 #0: Wed Aug  9 11:55:48 UTC 2017     root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC  amd64	"nginx version: nginx/1.13.4
built by clang 4.0.0 (tags/RELEASE_400/final 297347) (based on LLVM 4.0.0)
built with OpenSSL 1.0.2l  25 May 2017
TLS SNI support enabled
configure arguments: --with-http_stub_status_module --with-http_flv_module --without-http_empty_gif_module --without-http_memcached_module --without-http_upstream_ip_hash_module --without-http_browser_module --with-http_ssl_module --without-http_uwsgi_module --without-http_scgi_module --with-openssl=../openssl-1.0.2l --with-http_v2_module --with-pcre-jit --with-http_auth_request_module --with-file-aio
"