SSL_do_handshake() failed

When I checked the error.log, it says two error message as follows;
'2023/09/08 01:22:23 [crit] 177416#177416: *5834 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client:, >

2023/09/08 09:13:35 [error] 186867#186867: *2 upstream prematurely closed connection while reading response header from upstream, client:, server: easygosh>'

I am using Nginx and Gunicorn (Django). My web has been deployed on EC2 since last year. I tried to use google calendar api on my web app.
it is working fine in localhost but there is error 502 on production server. I checked on the nginx error log and found two error message above.

server {
server_name ;

 location = /favicon.ico { access_log off ; log_not_found off ; }
 location /static/ {         root /home/ubuntu/github/easygo ;

 location / {
     include proxy_params;
     proxy_send_timeout 10080;
     proxy_read_timeout 10080;
     proxy_connect_timeout 10080s;
     proxy_request_buffering off;
     proxy_buffering off;
     proxy_redirect off;
     proxy_ssl_server_name on;
     proxy_pass http://unix:/run/gunicorn.sock;

listen 443 ssl http2; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


server {
if ($host = {
return 301 https://$host$request_uri;
} # managed by Certbot

if ($host = {
    return 301 https://$host$request_uri;
} # managed by Certbot

If you let me know how to fix this problem, much appreciated

This is not a problem and completly normal (most likely a TLS scanner). The crit warning level is a mistake that's fixed in newer nginx versions.

Your gunicorn server listening on that unix socket seems to have trouble. Suggest you check that first.


Thanks a lot! Can you kindly let me know how to check? I am so happy to see any hope to fix this problem.

1 Like

That is a well-known scanner domain.

This is from their site:

[not that I believe a word of it - nor do I endorse such activities]


What's it supposed to be, nmap as a service? :smiley:

(no, I guess it's not. I can't find where you're supposed to hire them)


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.