On 15/01/15 05:03, Eric R. wrote: > For the past week I've been noticing many entries like this in our nginx > error logs: > > SSL_do_handshake() failed (SSL: error:1408A0D7:SSL > routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL > handshaking > > What does the error "required cipher missing" mean exactly? Some of our > users reported that their browser gave them an SSL connection error and > then it went away. Others can no longer connect to our site at all. I've > had a look at the OpenSSL source code and I think the error is related > to checking that the server still supports the last cipher a session > used. Is this correct? The only change I can think of that may affect > our list of available ciphers was an update to the latest version of > OpenSSL that CentOS 5 provided back in November. That was two months ago > though, and other than that I can't think of what could be causing this. It means that an attempt is being made to resume a session, however the list of ciphers that the client is sending in the ClientHello does not include the cipher that was negotiated in the original session. Matt
