Nginx SSL_do_handshake () falhou SSL: erro: 1417D18C: SSL

Question

Nginx SSL_do_handshake () falhou SSL: erro: 1417D18C: SSL

#1 resposta do (3 votos)
#2 resposta do (1 votos)
#3 resposta do (0 votos)

4

Hoje instalamos um certificado SSL (do letsencrypt) em nosso servidor, que hospeda um site muito ocupado.

Após algumas horas, notamos que alguns usuários estão recebendo erros do nginx:

2018/03/28 13:04:48 [crit] 8997#8997: *604175694 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 2.178.99.86, server: 0.0.0.0:443
2018/03/28 13:06:03 [crit] 9937#9937: *604177779 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 5.73.106.149, server: 0.0.0.0:443
2018/03/28 13:06:46 [crit] 9949#9949: *604179134 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 192.15.212.150, server: 0.0.0.0:443
2018/03/28 13:10:33 [crit] 9942#9942: *604185439 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 5.234.36.205, server: 0.0.0.0:443

A julgar pelos endereços IP, provavelmente os usuários estão usando o celular para navegar, mas não tenho idéia sobre seus navegadores. Eu mudei o registro de erros nginx para o modo de depuração e aqui estão algumas partes da saída:

Server: nginx^M
Date: Wed, 28 Mar 2018 13:37:19 GMT^M
Content-Type: text/html; charset=UTF-8^M
Transfer-Encoding: chunked^M
Connection: keep-alive^M
Set-Cookie: PHPSESSID=r3mo9gh549obv41nkrf747l017; path=/^M
Expires: Thu, 19 Nov 1981 08:52:00 GMT^M
Cache-Control: no-store, no-cache, must-revalidate^M
Pragma: no-cache^M
Location: *******************************
X-Cache: MISS^M

2018/03/28 18:07:19 [debug] 24356#24356: *604585753 write new buf t:1 f:0 00007F06A5884708, pos 00007F06A5884708, size: 601 file: 0, size: 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http write filter: l:0 f:0 s:601
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http script var: "0"
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http file cache set header
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http cacheable: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http upstream process upstream
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe read upstream: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe preread: 23
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 readv: 1, last:261440
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe recv chain: 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe buf free s:0 t:1 f:0 00007F06A56D0B50, pos 00007F06A56D0DF9, size: 23 file: 0, size: 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe length: -1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 01
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 03
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 00
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 01
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 00
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 08
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 00
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record byte: 00
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi record length: 8
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http fastcgi sent end request
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe write chain
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 add cleanup: 00007F06A5884B20
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 hashed path: /var/lib/nginx/fastcgi/7/54/0423471547
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 temp fd:129
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 write: 129, 00007F06A56D0B50, 681, 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe write downstream: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 pipe write downstream done
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 event timer: 80, old: 1522244549474, new: 1522244549680
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http file cache update
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http file cache rename: "/var/lib/nginx/fastcgi/7/54/0423471547" to "/run/shm/nginx/f/d9/b295394f65a2a43ae0ec0adadd243d9f"
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 malloc: 00007F06A5677B30:64
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 malloc: 00007F06A588F5E0:681
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http upstream exit: 0000000000000000
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 finalize http upstream request: 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 finalize http fastcgi request
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free rr peer 1 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 close http upstream connection: 80
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A55C40A0, unused: 48
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 event timer del: 80: 1522244549474
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 reusable connection: 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http upstream temp fd: 129
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http output filter "/index.php?p=1187697"
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http copy filter: "/index.php?p=1187697"
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 SSL_do_handshake: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http postpone filter "/index.php?p=1187697" 00007FFD85DA3BF0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http chunk: 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 SSL: TLSv1.1, cipher: "ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1"
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 write old buf t:1 f:0 00007F06A5884708, pos 00007F06A5884708, size: 601 file: 0, size: 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 reusable connection: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 write new buf t:0 f:0 0000000000000000, pos 00007F06A3953C9B, size: 5 file: 0, size: 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 http wait request handler
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http write filter: l:1 f:0 s:606
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 malloc: 00007F06A5668370:1024
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http write filter limit 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 SSL_read: -1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 malloc: 00007F06A5722010:16384
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 SSL_get_error: 2
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 SSL buf copy: 601
2018/03/28 18:07:19 [debug] 24364#24364: *604587625 free: 00007F06A5668370
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 SSL buf copy: 5
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 SSL handshake handler: 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 SSL to write: 606
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 SSL_write: 606
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http write filter 0000000000000000
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http copy filter: 0 "/index.php?p=1187697"
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http finalize request: 0, "/index.php?p=1187697" a:1, c:1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 set http keepalive handler
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http close request
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 http log handler
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 posix_memalign: 00007F06A56C79D0:4096 @16
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 run cleanup: 00007F06A5884B20
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 file cleanup: fd:129
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 run cleanup: 00007F06A579A998
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 run cleanup: 00007F06A579A098
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 close cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 expire cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 expire cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 run cleanup: 00007F06A5799E90
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 close cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 expire cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 expire cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 close cached open file: *******************************
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A56D0B50
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A5846DC0, unused: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A57999C0, unused: 2
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A5883DB0, unused: 61
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A56C79D0, unused: 3689
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A571F240
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 hc free: 0000000000000000 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 hc busy: 0000000000000000 0
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 free: 00007F06A5722010
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 reusable connection: 1
2018/03/28 18:07:19 [debug] 24356#24356: *604585753 event timer add: 36: 310000:1522244549680
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 SSL_do_handshake: 1
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 SSL: TLSv1.1, cipher: "ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1"
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 reusable connection: 1
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 http wait request handler
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 malloc: 00007F06A5668480:1024
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 SSL_read: -1
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 SSL_get_error: 2
2018/03/28 18:07:19 [debug] 24364#24364: *604587624 free: 00007F06A5668480
2018/03/28 18:07:19 [debug] 24360#24360: post event 00007F069F820070
2018/03/28 18:07:19 [debug] 24360#24360: delete posted event 00007F069F820070
2018/03/28 18:07:19 [debug] 24360#24360: accept on 0.0.0.0:443, ready: 1
2018/03/28 18:07:19 [debug] 24360#24360: posix_memalign: 00007F06A5621B50:512 @16
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 accept: 5.213.82.78:10738 fd:53
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 event timer add: 53: 10000:1522244249682
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 reusable connection: 1
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 epoll add event: fd:53 op:1 ev:80002001
2018/03/28 18:07:19 [debug] 24360#24360: accept() not ready (11: Resource temporarily unavailable)
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 post event 00007F069F820A90
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 delete posted event 00007F069F820A90
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 http check ssl handshake
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 http recv(): 1
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 https ssl handshake: 0x16
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 SSL_do_handshake: -1
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 SSL_get_error: 1
2018/03/28 18:07:19 [crit] 24360#24360: *604587635 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 5.213.82.78, server: 0.0.0.0:443
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 close http connection: 53
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 event timer del: 53: 1522244249682
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 reusable connection: 0
2018/03/28 18:07:19 [debug] 24360#24360: *604587635 free: 00007F06A5621B50, unused: 152
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 SSL handshake handler: 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 SSL_do_handshake: 1
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 SSL: TLSv1.1, cipher: "ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1"
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 reusable connection: 1
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 http wait request handler
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 malloc: 00007F06A56A0050:1024
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 SSL_read: -1
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 SSL_get_error: 2
2018/03/28 18:07:19 [debug] 24364#24364: *604587627 free: 00007F06A56A0050
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL handshake handler: 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL_do_handshake: 1
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL: TLSv1.1, cipher: "ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1"
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 reusable connection: 1
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 http wait request handler
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 malloc: 00007F06A56A0130:1024
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL_read: -1
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL_get_error: 2
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 free: 00007F06A56A0130
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http wait request handler
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 malloc: 00007F06A56A0130:1024
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL_read: -1
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 SSL_get_error: 2
2018/03/28 18:07:19 [debug] 24364#24364: *604587626 free: 00007F06A56A0130
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http wait request handler
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 malloc: 00007F06A56A0130:1024
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 SSL_read: 823
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 SSL_read: -1
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 SSL_get_error: 2
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 reusable connection: 0
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 posix_memalign: 00007F06A568CAC0:4096 @16
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http process request line
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http request line: "GET /?p=1246163 HTTP/1.1"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http uri: "/"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http args: "p=1246163"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http exten: ""
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 posix_memalign: 00007F06A5677680:4096 @16
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http process request header line
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http header: "Host: www.e-estekhdam.com"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http header: "Connection: keep-alive"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http header: "User-Agent: Mozilla/5.0 (Linux; Android 4.2.2; C2305 Build/16.0.B.2.16) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1500.94 Mobile Safari/537.36"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http header: "Accept-Encoding: gzip,deflate,sdch"
2018/03/28 18:07:19 [debug] 24364#24364: *604587623 http header: "Accept-Language: fa,en-US;q=0.8,en;q=0.6"

Este é um navegador antigo do Android para celular ou uma visualização da Web de um telefone Android antigo.

Eu quero poder suportar esse tipo de navegador, então decidi adicionar suporte para TLSv1 & SSLv2 & SSLv3 então eu adicionei isso ao meu arquivo de configuração nginx:

ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

No entanto, com base nas inspeções que fiz, meu servidor ainda não suporta SSLv3 (e sim, eu sei sobre o POODLE) e ainda há muitos usuários recebendo um erro de handshake com base no log de erros do nginx.

A pergunta é o que devo fazer para oferecer suporte a esses tipos de navegadores?

ssl nginx

por user1518820 28.03.2018 / 16:40

3 respostas

Tags ssl nginx

Forçosamente dividir o domínio do Active Directory 2003 Recuperar dados do RAID 1 sem controlador

score 3 · Answer 1

Ignore-os

Olhando para o número de tentativas de conexão feitas em meu site em um curto espaço de tempo, estas são claramente tentativas de comprometer a segurança do servidor. Não faça o downgrade das configurações de segurança para facilitar a tarefa desses caras. São 93 solicitações do mesmo endereço IP em 2 segundos.

2018/06/11 04:22:00 [crit] 972#972: *315608 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315616 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315643 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315645 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315650 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315652 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315663 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315674 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315675 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 971#971: *315677 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315680 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315685 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315691 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315703 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315712 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315719 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315720 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315734 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315737 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315738 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315766 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315767 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315770 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315771 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315776 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315778 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315782 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315786 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315787 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315789 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315790 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315793 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:00 [crit] 972#972: *315797 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315803 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315807 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315809 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315813 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315818 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315823 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315829 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315831 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 971#971: *315835 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315837 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315839 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315840 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315841 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315843 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315844 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315845 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315846 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315847 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315848 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315849 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315850 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315853 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315856 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315858 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315859 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315860 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315861 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315863 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315862 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315864 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315866 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315867 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315868 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315870 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315871 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315872 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315873 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315874 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315875 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315876 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315877 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315878 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315879 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315880 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315881 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315882 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315883 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315887 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315888 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315889 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315890 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315893 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315896 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315897 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315898 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315899 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315900 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315902 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315903 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443
2018/06/11 04:22:01 [crit] 972#972: *315904 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: 172.104.154.126, server: 0.0.0.0:443

score 1 · Answer 2

Eu apoio totalmente a declaração do Andrew, quase ninguém está fornecendo suporte para SSLv2 / 3 ou clientes sem SNI. Mas se você ainda quiser, correndo o risco de expor os dados de todos os outros usuários, faça o teste ssl aqui link e ajustar suas cifras até que seja compatível com todos os navegadores listados. Ignore o Android 2.xe o Java 1.6.x que você nunca conseguirá fazer o downgrade de sua segurança tanto sem um suprimento infinito de endereços IPv4 e é melhor desativar o HTTPS se você planeja fazer isso, dessa forma pelo menos seus usuários ganharam Não se deixe enganar pela suposição de que a conexão é segura.

score 0 · Answer 3

Tenho certeza de que routines:tls_process_client_hello:version too low indica que o cliente não pode usar as cifras configuradas em seu sistema para se conectar. Além disso, se o navegador não confiar na Vamos Encriptar a CA Raiz, eles falharão na conexão.

Eu não concordo com o rebaixamento da segurança do seu site para permitir que alguns clientes com hardware antigo, que eles devem ter atualizado há muito tempo, para permitir que eles se conectem. Você está literalmente sacrificando a segurança apenas por um punhado de clientes.

Também não é improvável que estes não sejam mesmo clientes reais. Estes podem ser "clientes" mal-intencionados tentando forçar uma conexão desclassificada para começar a quebrar sua segurança para roubar informações, a chave privada, etc ...