Opened 4 weeks ago

Closed 4 weeks ago

#2073 closed defect (duplicate)

TLS 1.3 handshake failure with ssl_reject_handshake on

Reported by: kn007
Owned by:
Priority: minor
Milestone: nginx-1.19
Component: nginx-module
Version: 1.19.x
Keywords:
Cc: kn007
uname -a: Linux 5.9.0-1.el8.elrepo.x86_64 #1 SMP Sun Oct 11 17:59:18 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.19.4
built by gcc 9.2.1 20191120 (Red Hat 9.2.1-2) (GCC)
built with OpenSSL 1.1.1h 22 Sep 2020
TLS SNI support enabled


CentOS 8 x64

* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):

comment:1 by Maxim Dounin, 4 weeks ago

Resolution: duplicate
Status: new → closed

That's a bug in OpenSSL, see #2071 for details. Consider either using certificates in the default server block even if they are not needed due to ssl_reject_handshake, or switching to a different SSL library.
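The first workaround suggested in comment:1, sketched as a configuration. This is an added example, not configuration from the ticket or from the nginx project; the server name and all file paths are placeholders.

```nginx
# Added example: hostnames and file paths below are placeholders, not from the ticket.

# Catch-all server: rejects the TLS handshake for any name that no other
# server block claims.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;

    # Workaround from comment:1: configure a certificate in the default server
    # even though ssl_reject_handshake means it is not needed here.
    # A self-signed placeholder is assumed.
    ssl_certificate     /etc/nginx/ssl/placeholder.crt;
    ssl_certificate_key /etc/nginx/ssl/placeholder.key;
}

# The real virtual host, selected by SNI.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
}
```

After a reload, `openssl s_client -connect <host>:443 -servername example.com -tls1_3` can be used to check whether a TLS 1.3 handshake completes for the named server.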

