Kostya Vasilyev

Reputation: 874

nginx - log SSL handshake failures

I'm running an nginx server with SSL enabled.

My protocol / cipher settings are fairly secure, and I've checked them at ssllabs.com, but --

-- since this is a web service which is called by HTTP clients that I have no control over, I have concerns about compatibility.

To the point:

Is there a way to log SSL handshake failures as they happen (if they happen) in my nginx logs?

For example, I've got SSLv3 disabled, and if I try to "curl -3" (forcing SSLv3) to my server, then I get this:

  • NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
  • Cannot communicate securely with peer: no common encryption algorithm(s).
  • Closing connection 0

  curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).

I would like to log this type of error in server logs too; with the default nginx settings, there is nothing.

Enabling "debug" log level for the error log does what I want: it logs SSL handshake errors -- but unfortunately it also logs too much other stuff, making the log too bloated and drowning out other potentially useful info.

Upvotes: 2

Views: 6036

Answers (1)

VBart

Reputation: 15110

You can use the info log level.

Upvotes: 2
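
With the error log at the `info` level, handshake failures appear alongside other info-level messages. The following added example (not from the original post or from nginx) picks out the entries logged "while SSL handshaking" and tallies them by reason; the sample lines are constructed in the shape of nginx error-log entries, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in the shape nginx writes to error_log at "info";
# addresses are documentation ranges, not real clients.
SAMPLE_LOG = """\
2015/03/01 10:15:02 [info] 2101#0: *17 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443
2015/03/01 10:15:09 [info] 2101#0: *18 client closed connection while waiting for request, client: 198.51.100.4, server: 0.0.0.0:443
2015/03/01 10:16:44 [info] 2101#0: *21 peer closed connection in SSL handshake while SSL handshaking, client: 198.51.100.4, server: 0.0.0.0:443
2015/03/01 10:17:30 [error] 2101#0: *25 open() "/srv/www/favicon.ico" failed (2: No such file or directory), client: 203.0.113.7, server: example.test, request: "GET /favicon.ico HTTP/1.1"
2015/03/01 10:18:12 [info] 2101#0: *29 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher) while SSL handshaking, client: 203.0.113.9, server: 0.0.0.0:443
"""

# timestamp, [level], pid#tid, optional *connection id, message, client address
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: "
    r"(?:\*\d+ )?(?P<msg>.*?) while SSL handshaking, client: (?P<client>[^,\s]+)"
)
# OpenSSL error strings end with the human-readable reason after the last colon.
REASON_RE = re.compile(r"\(SSL: error:[0-9A-Fa-f]+:[^)]*:(?P<reason>[^:)]+)\)")


def handshake_failures(lines):
    """Yield (timestamp, client, reason) for entries logged during the TLS handshake."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a handshake-phase entry
        r = REASON_RE.search(m.group("msg"))
        # Fall back to the whole message when there is no OpenSSL error string.
        reason = r.group("reason").strip() if r else m.group("msg")
        yield m.group("ts"), m.group("client"), reason


def summarize(lines):
    """Count handshake failures per reason."""
    return Counter(reason for _, _, reason in handshake_failures(lines))


if __name__ == "__main__":
    for reason, count in summarize(SAMPLE_LOG.splitlines()).most_common():
        print(f"{count:5d}  {reason}")
```
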
