2017/05/30 09:44:59 [debug] 3486#3486: *1221 free: 000055D2824FBC40, unused: 24
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL certificate status callback
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_do_handshake: -1
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_get_error: 2
2017/05/30 09:57:01 [debug] 3486#3486: *1223 reusable connection: 0
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL handshake handler: 0
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_do_handshake: 1
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD"
2017/05/30 09:57:01 [debug] 3486#3486: *1223 reusable connection: 1
2017/05/30 09:57:01 [debug] 3486#3486: *1223 http wait request handler
2017/05/30 09:57:01 [debug] 3486#3486: *1223 malloc: 000055D282587F80:1024
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_read: -1
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_get_error: 2
2017/05/30 09:57:01 [debug] 3486#3486: *1223 free: 000055D282587F80
2017/05/30 09:57:01 [debug] 3486#3486: *1223 http wait request handler
2017/05/30 09:57:01 [debug] 3486#3486: *1223 malloc: 000055D282587F80:1024
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_read: 0
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_get_error: 1
2017/05/30 09:57:01 [info] 3486#3486: *1223 SSL_read() failed (SSL: error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:SSL alert number 10) while waiting for request, client: 195.16.143.6, server: 0.0.0.0:443
2017/05/30 09:57:01 [debug] 3486#3486: *1223 close http connection: 38
2017/05/30 09:57:01 [debug] 3486#3486: *1223 SSL_shutdown: 1
2017/05/30 09:57:01 [debug] 3486#3486: *1223 event timer del: 38: 1496131081192
2017/05/30 09:57:01 [debug] 3486#3486: *1223 reusable connection: 0
2017/05/30 09:57:01 [debug] 3486#3486: *1223 free: 000055D282587F80
2017/05/30 09:57:01 [debug] 3486#3486: *1223 free: 000055D282508980, unused: 24
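I don't understand this error when I enable SSL3 in nginx; it only happens on this subdomain. I have the same setup on the rest of the subdomains and they work.
My subdomain.conf: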
ssl_certificate /etc/letsencrypt/live/musica.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/musica.domain.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
Chrome error:
ERR_SSL_PROTOCOL_ERROR
Mozilla error:
An error occurred during a connection to musica.domain.com. SSL received an unexpected New Session Ticket handshake message. Error code: SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET
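I found the problem: when there are multiple subdomains, the SSL configuration should be the same for all of them. What I did was put the SSL parameters in a separate file and include it in subdomain.conf. In the subdomain that was failing I had copied the ciphers incorrectly, and that caused the problem. Now that all subdomains take the site SSL configuration from the same file, instead of file by file, the error no longer occurs because all the configurations are the same.
This thread gave me the clue: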
https://github.com/jwilder/nginx-proxy/issues/580#issuecomment-249587149
Configuration file /etc/nginx/snippets/ssl-params.conf
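Your nginx subdomain configuration file does not enable SSLv3; only TLSv1.0/1.1/1.2. If your client (browser) tries to negotiate only SSLv3, which should only be the case for ancient browsers, or if the browser or OS is configured to use only SSLv3, it will fail.
Another, more likely possibility is that the client does not support your cipher set. If you relax the ciphers, does your web browser connect?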
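The consistency check behind the fix described in the answers above, as an added example that is not part of the original posts: a Python script that compares the shared ssl_* directives across per-subdomain nginx files and reports any that differ or are missing in one of them. The file names, hostnames and cipher strings are constructed sample data, and one server block per file is an assumption.

```python
import re
from collections import defaultdict

# Directives that legitimately differ per subdomain and are not compared.
PER_HOST = {"ssl_certificate", "ssl_certificate_key", "ssl_trusted_certificate"}
SSL_DIRECTIVE = re.compile(r"^\s*(ssl_\w+)\s+([^;]+);", re.M)

def ssl_directives(text):
    """Map each shared ssl_* directive in one config file to its normalized value."""
    text = re.sub(r"#.*", "", text)  # drop comments
    out = {}
    for name, value in SSL_DIRECTIVE.findall(text):
        if name not in PER_HOST:
            # Remove quoting and collapse whitespace so only real differences count.
            out[name] = " ".join(value.replace("'", "").replace('"', "").split())
    return out

def find_drift(configs):
    """Return {directive: {value: [files]}} for directives not identical in every file."""
    parsed = {fname: ssl_directives(text) for fname, text in configs.items()}
    drift = {}
    for name in sorted(set().union(*parsed.values())):
        by_value = defaultdict(list)
        for fname, found in parsed.items():
            by_value[found.get(name, "<unset>")].append(fname)
        if len(by_value) > 1:
            drift[name] = dict(by_value)
    return drift

def vhost(host, ciphers):
    """Build a constructed per-subdomain config (hypothetical hosts and paths)."""
    return f"""server {{
    listen 443 ssl;
    server_name {host}.example.test;
    ssl_certificate /etc/ssl/{host}/fullchain.pem;  # per-host, ignored
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers '{ciphers}';
    ssl_session_cache shared:SSL:50m;
}}"""

OK = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
SAMPLE = {  # constructed: musica.conf carries a miscopied cipher string
    "blog.conf": vhost("blog", OK),
    "wiki.conf": vhost("wiki", OK),
    "musica.conf": vhost("musica", OK[:-1]),
}

if __name__ == "__main__":
    for directive, values in find_drift(SAMPLE).items():
        for value, files in values.items():
            print(f"{directive}: {', '.join(files)} -> {value}")
```

Once every subdomain file includes the same snippet, `find_drift` returns an empty dict for them, since no ssl_* directive other than the per-host certificate paths remains in the individual files.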