SSL_do_handshake() failed

When I checked the error.log, it shows two error messages, as follows:
'2023/09/08 01:22:23 [crit] 177416#177416: *5834 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 162.243.150.9, >

2023/09/08 09:13:35 [error] 186867#186867: *2 upstream prematurely closed connection while reading response header from upstream, client: 101.176.222.32, server: easygosh>'

I am using Nginx and Gunicorn (Django). My web app has been deployed on EC2 since last year. I tried to use the Google Calendar API in my web app.
It is working fine on localhost, but there is a 502 error on the production server. I checked the nginx error log and found the two error messages above.

server {
    server_name easygoshuttle.com.au www.easygoshuttle.com.au;

    location = /favicon.ico { access_log off; log_not_found off; }
    location /static/ {
        root /home/ubuntu/github/easygo;
    }

    location / {
        include proxy_params;
        proxy_send_timeout 10080;
        proxy_read_timeout 10080;
        proxy_connect_timeout 10080s;
        proxy_request_buffering off;
        proxy_buffering off;
        proxy_redirect off;
        proxy_ssl_server_name on;
        proxy_pass http://unix:/run/gunicorn.sock;
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/easygoshuttle.com.au/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/easygoshuttle.com.au/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.easygoshuttle.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = easygoshuttle.com.au) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

If you could let me know how to fix this problem, it would be much appreciated.

This is not a problem and completely normal (most likely a TLS scanner). The crit warning level is a mistake that's fixed in newer nginx versions.

Your gunicorn server listening on that unix socket seems to have trouble. Suggest you check that first.

4 Likes
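As an added example (not part of the thread and not any poster's code): a small Python triage of an nginx error.log that separates the two kinds of entries discussed above, client-side TLS handshake failures and upstream failures that point at the gunicorn backend. The sample lines are constructed, using documentation-range IPs and the placeholder name example.test.

```python
import re
from collections import Counter

# Constructed sample lines modelled on the two entries quoted in the thread.
# IPs come from documentation ranges; example.test is a placeholder name.
SAMPLE_LOG = """\
2023/09/08 01:22:23 [crit] 177416#177416: *5834 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2023/09/08 03:10:02 [crit] 177416#177416: *6001 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2023/09/08 09:13:35 [error] 186867#186867: *2 upstream prematurely closed connection while reading response header from upstream, client: 198.51.100.7, server: example.test, request: "GET /calendar/ HTTP/2.0", upstream: "http://unix:/run/gunicorn.sock:/calendar/", host: "example.test"
2023/09/08 09:14:01 [notice] 186867#186867: signal process started
"""

LINE_RE = re.compile(r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(\w+)\] \d+#\d+: (.*)$")
CLIENT_RE = re.compile(r"client: ([0-9A-Fa-f.:]+)")


def classify(msg):
    """Sort one error.log message into the categories the replies distinguish."""
    if "upstream" in msg:
        return "upstream"      # nginx could not get a response from the backend
    if "while SSL handshaking" in msg:
        return "client_tls"    # client-side handshake never completed
    return "other"


def triage(log_text):
    """Count handshake failures per client IP and collect upstream errors."""
    result = {"client_tls": Counter(), "upstream": [], "other": 0}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, level, msg = m.groups()
        kind = classify(msg)
        if kind == "client_tls":
            ip = CLIENT_RE.search(msg)
            result["client_tls"][ip.group(1) if ip else "unknown"] += 1
        elif kind == "upstream":
            result["upstream"].append((ts, level, msg))
        else:
            result["other"] += 1
    return result


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for ip, n in report["client_tls"].most_common():
        print(f"handshake failures from {ip}: {n} (no request reached the app)")
    for ts, level, msg in report["upstream"]:
        print(f"{ts} [{level}] backend problem: {msg[:80]}")
```

Only the entries in the upstream group correspond to the 502 responses; the handshake failures never reach the point of sending an HTTP request.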

Thanks a lot! Can you kindly let me know how to check? I am so happy to see any hope to fix this problem.

1 Like

Name:    apzg-0720f-015.stretchoid.com
Address: 162.243.150.9

That is a well-known scanner domain.

This is from their site:


[not that I believe a word of it - nor do I endorse such activities]

2 Likes

What's it supposed to be, nmap as a service? :smiley:

(no, I guess it's not. I can't find where you're supposed to hire them)

3 Likes
