Nginx error https. curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

Nginx. I can't access my NodeJs app listening on port 3000 via https. I can do so through http. https://www.modelistas.tk:3000/api/status throws an error. I tried with curl.

Output:

root@ip-172-31-50-215:/opt/letsencrypt# curl -v -k https://modelistas.tk:3000/api/status
*   Trying 72.44.61.151...
* TCP_NODELAY set
* Connected to modelistas.tk (72.44.61.151) port 3000 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* error:1408F10B:SSL routines:ssl3_get_record:wrong version number
* stopped the pause stream!
* Closing connection 0
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number

My configuration:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    
    # Also listen on port 443 with SSL:
    listen 443 ssl;
    

    # SSL configuration
    #
    # listen 443 ssl default_server;
    # listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;

    # ADDED: root folder of this server:
    root /var/www/www.modelistas.tk/public;

    # Add index.php to the list if you are using PHP
    index index.html index.htm;

    # ADDED
    server_name www.modelistas.tk modelistas.tk;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

    

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    # added
    location ~ /\.ht {
        deny all;
    }
    
    location ~ /.well-known {
        allow all;
    }
    
    location /api {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:3000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
     }
    
        # Let's Encrypt SSL certificate configuration

        ssl_certificate /etc/letsencrypt/live/modelistas.tk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/modelistas.tk/privkey.pem;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        
        # Available cipher suites:
        ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA ;

        ssl_prefer_server_ciphers on;

        # Use a Diffie-Hellman group
        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        ssl_session_timeout 1d;
        ssl_session_cache shared:SSL:50m;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header Strict-Transport-Security max-age=15768000;
        
    

}

server {
    listen 80;
    server_name modelistas.ml www.modelistas.tk;
    return 301 https://$host$request_uri;
}
Answers

According to the error message, you do not have TLSv1.3 on the server. Update nginx to support TLSv1.3:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

Or you can tell curl to downgrade and use TLSv1.2 (or whatever the server supports) with this option.


Also:

You are connecting to SSL/TLS through port 3000, and there is no TLS on that port. Connect to 443, as that is what is configured. Check if you are behind a proxy.
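
An added example (not part of the original question or answers): it reproduces offline how OpenSSL arrives at `wrong version number` when a ClientHello is answered with plaintext HTTP, as on a port with no TLS, and contrasts it with the alert a TLS server sends when it rejects the offered protocol version. Both replies are constructed samples, and the function names and the `example.invalid` host name are assumptions made for illustration.

```python
import ssl

# Constructed sample replies (not captured from the site in the question).
PLAINTEXT_HTTP_REPLY = b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"
# TLS alert record: type 21, version 3.3, length 2, fatal(2), protocol_version(70).
TLS_VERSION_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x46])


def record_header(reply: bytes) -> dict:
    """Decode the first 5 bytes the way a TLS record layer does."""
    if len(reply) < 5:
        raise ValueError("need at least 5 bytes")
    return {
        "content_type": reply[0],
        "version": (reply[1], reply[2]),
        "length": int.from_bytes(reply[3:5], "big"),
        # Real TLS records have content type 20..23 and major version 3.
        "looks_like_tls": 20 <= reply[0] <= 23 and reply[1] == 3,
    }


def handshake_reason(reply: bytes) -> str:
    """Feed `reply` to an in-memory TLS client and return OpenSSL's reason."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    client = ctx.wrap_bio(incoming, outgoing, server_hostname="example.invalid")
    try:
        client.do_handshake()      # writes the ClientHello into `outgoing`
    except ssl.SSLWantReadError:
        pass                       # expected: the client now waits for a reply
    incoming.write(reply)          # what the "server" sent back
    try:
        client.do_handshake()
    except ssl.SSLWantReadError:
        return "INCOMPLETE"
    except ssl.SSLError as exc:
        return exc.reason
    return "OK"


if __name__ == "__main__":
    for name, reply in [("plaintext", PLAINTEXT_HTTP_REPLY),
                        ("alert", TLS_VERSION_ALERT)]:
        print(name, record_header(reply), handshake_reason(reply))
```

The bytes `HTTP/` decode as content type 0x48 and version 0x54 0x54 ("TT"), which is the "version" the error refers to.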




