id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 39 SSL_do_handshake failed on verified certificate chain www.google.com/accounts/o8/id?id=AItOawm0It3Y0NZhBXtcIQKjVMUj-0FVkStKxMg somebody "2011/10/21 00:39:14 [crit] 31592#0: *3 SSL_do_handshake() failed (SSL: error:260B9092:engine routines:ENGINE_get_cipher:unimplemented cipher error:0607B086:digital envelope routines:EVP_CipherInit_ex:initialization error error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac) while SSL handshaking, client: 192.168.0.1, server: www.example.com This is a validated certificate chain from InCommon, validated with certtool -e and openssl verify. Same files work with Courier-IMAP, Postfix, stunnel and other SSL programs. The worker process exits with signal 10. So far I've not been able to get a coredump. Full configuration file to reproduce: error_log /tmp/error.log debug; events { worker_connections 128; } http { server { listen 127.0.0.1:9443; ssl on; ssl_certificate /etc/ssl/server.crt; ssl_certificate_key /etc/ssl/private/server.key; } } Thanks in advance." defect closed major nginx-core 1.1.x invalid ssl certificate cipher mac OpenBSD www.example.com 5.0 GENERIC.MP#63 amd64 "nginx: nginx version: nginx/1.1.4 nginx: TLS SNI support enabled nginx: configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --lock-path=/var/nginx/tmp/nginx.lock --http-client-body-temp-path=/var/nginx/tmp/client_body_temp --http-proxy-temp-path=/var/nginx/tmp/proxy_temp --http-fastcgi-temp-path=/var/nginx/tmp/fastcgi_temp --http-scgi-temp-path=/var/nginx/tmp/scgi_temp --http-uwsgi-temp-path=/var/nginx/tmp/uwsgi_temp --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --user=_nginx --group=_nginx --with-http_gzip_static_module --with-http_mp4_module --with-http_ssl_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-ipv6"