Opened 4 years ago
Closed 4 years ago
#2073 closed defect (duplicate)
TLS 1.3 handshake failure with ssl_reject_handshake on
| Reported by: | kn007 | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | nginx-1.19 |
| Component: | nginx-module | Version: | 1.19.x |
| Keywords: | | Cc: | kn007 |

uname -a:

```
Linux kn007.net 5.9.0-1.el8.elrepo.x86_64 #1 SMP Sun Oct 11 17:59:18 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
```

nginx -V:

```
nginx version: nginx/1.19.4
built by gcc 9.2.1 20191120 (Red Hat 9.2.1-2) (GCC)
built with OpenSSL 1.1.1h 22 Sep 2020
TLS SNI support enabled
```
Description
CentOS 8 x64
nginx/1.19.4
```
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
```
That's a bug in OpenSSL, see #2071 for details. Consider either using certificates in the default server block even if they are not needed due to ssl_reject_handshake, or switching to a different SSL library.
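
The first workaround suggested in the comment above, written out as an nginx configuration. This is an added example, not configuration from the ticket or from the nginx project; the server name and all certificate paths are placeholders.

```nginx
# Added example. example.com and every path below are placeholders (assumptions).

# Default server: rejects TLS handshakes for names no other server block claims.
# Affected form (as in the ticket): this block with ssl_reject_handshake on
# and no ssl_certificate / ssl_certificate_key lines.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;

    # Workaround: configure a certificate here even though
    # ssl_reject_handshake means the handshake is rejected anyway.
    # Assumption: any valid certificate/key pair will do, for example a
    # self-signed one generated only for this block.
    ssl_certificate     /etc/nginx/ssl/placeholder.crt;
    ssl_certificate_key /etc/nginx/ssl/placeholder.key;
}

# Named virtual server that clients are expected to reach over TLS 1.3.
server {
    listen 443 ssl;
    server_name example.com;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_certificate     /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
}
```

After `nginx -t` and a reload, repeating the client trace from the description against the named server shows which protocol version is negotiated.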