Justin

Reputation: 531

Nginx SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share

I got this error in nginx error log:

SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking

I use Let's Encrypt currently. Any ideas to solve this problem? Thank you, guys.

Upvotes: 37

Views: 67256

Answers (5)

Though it is not always the case, I agree with @stack3r.

I strongly suggest you perform a DNS lookup on the IP address of the client. This might reveal interesting insights about the client.

In my case I found that this error was thrown while connecting with a client whose IP traced back to http://scan-06.shadowserver.org/. There are projects like these, scanning the internet for vulnerabilities.

Upvotes: 0

Ethan Hill

Reputation: 488

This may sound simple, but I was struggling with this issue because I was attempting to access http://example.com instead of https://example.com. It probably isn't your issue - but it worked for me.

Upvotes: 0

sajid

Reputation: 1

Check your secret key decoupling with the other settings.ini file; your app secret is not linking with the variable you set.

Upvotes: -1

Hassan Mahdian Manesh

Reputation: 189

I was getting a similar error when I sent an HTTPS request from my computer in Iran to my server outside of Iran. Eventually I came to the conclusion that the problem is with our internet network (maybe government filtering), and using a VPN solved the problem.

Therefore, I recommend testing with a VPN.

Upvotes: 6

stack3r

Reputation: 606

This isn't your problem.

The best thing you can do in this situation is just to keep your server reasonably updated and secured.

At best for you, the client side of a request was running seriously outdated software, and at worst your server is simply being scanned for vulnerabilities by compromised devices connected to the internet.

Personally, I lean in the direction of this being scanning, as I myself see these errors on a private development server, to which only I should ever have a legitimate reason to connect, yet I see a ton of IP addresses mentioned by the error from around the world.

A similar question and answer have already been provided here: https://serverfault.com/questions/905011/nginx-ssl-do-handshake-failed-ssl-error1417d18cssl/905019

Stay safe.

Upvotes: 49
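
Added example, not part of any answer above: the answers suggest looking at who is behind the client IPs in these log entries. This sketch extracts the `bad key share` handshake failures from an nginx error log, counts them per client and attaches a reverse-DNS name. The sample log lines, IP addresses and PTR table are constructed, and the line layout is assumed to be nginx's default error_log format.

```python
import re
import socket
from collections import Counter

# Constructed sample lines in nginx error_log format (documentation-range IPs).
SAMPLE_LOG = """\
2024/05/01 03:12:44 [crit] 911#911: *1041 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2024/05/01 03:12:45 [crit] 911#911: *1042 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2024/05/01 04:40:02 [error] 911#911: *1077 open() "/var/www/html/favicon.ico" failed (2: No such file or directory), client: 198.51.100.7, server: example.com, request: "GET /favicon.ico HTTP/1.1", host: "example.com"
2024/05/01 05:01:19 [crit] 911#911: *1103 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 2001:db8::25, server: [::]:443
"""

# error:<code>:<library>:<function>:<reason>, then the client address.
FAILURE_RE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]+):[^:]*:[^:]*:"
    r"(?P<reason>[^)]*)\) while SSL handshaking, client: (?P<client>[^,\s]+)"
)


def handshake_failures(log_text):
    """Return (client_ip, openssl_code, reason) for each failed handshake line."""
    return [(m["client"], m["code"].upper(), m["reason"])
            for m in FAILURE_RE.finditer(log_text)]


def reverse_dns(ip):
    """PTR lookup for ip; None when there is no record or the lookup fails."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # covers socket.herror and socket.gaierror
        return None


def summarize(log_text, code="141CF06C", resolve=reverse_dns):
    """Count failures with the given OpenSSL code per client, most frequent first."""
    counts = Counter(c for c, k, _ in handshake_failures(log_text) if k == code)
    return [(ip, n, resolve(ip)) for ip, n in counts.most_common()]


if __name__ == "__main__":
    # Constructed PTR table so the demo runs offline; drop `resolve=` to use real DNS.
    ptr = {"192.0.2.10": "scanner.example.net"}
    for ip, n, name in summarize(SAMPLE_LOG, resolve=ptr.get):
        print(f"{n:3d}  {ip:<15}  {name or '(no PTR record)'}")
```

A handful of addresses with many failures and PTR names belonging to a scanning project fits the scanning explanation; failures from addresses of your own users point to a client-side or network-path problem instead.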
