Thanks Matt. Would you have any guess as to why this is happening so frequently all of a sudden and disrupting traffic? It seems strange that it's so intermittent and only some users have the problem repeat for them. On Thu Jan 15 2015 at 6:30:56 AM Matt Caswell <matt at openssl.org> wrote: > > > On 15/01/15 05:03, Eric R. wrote: > > For the past week I've been noticing many entries like this in our nginx > > error logs: > > > > SSL_do_handshake() failed (SSL: error:1408A0D7:SSL > > routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL > > handshaking > > > > What does the error "required cipher missing" mean exactly? Some of our > > users reported that their browser gave them an SSL connection error and > > then it went away. Others can no longer connect to our site at all. I've > > had a look at the OpenSSL source code and I think the error is related > > to checking that the server still supports the last cipher a session > > used. Is this correct? The only change I can think of that may affect > > our list of available ciphers was an update to the latest version of > > OpenSSL that CentOS 5 provided back in November. That was two months ago > > though, and other than that I can't think of what could be causing this. > > It means that an attempt is being made to resume a session, however the > list of ciphers that the client is sending in the ClientHello does not > include the cipher that was negotiated in the original session. > > Matt > > _______________________________________________ > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users > -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150115/8ae65b9e/attachment.html>
