[openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing

Matt Caswell matt at openssl.org
Thu Jan 15 11:29:24 UTC 2015

On 15/01/15 05:03, Eric R. wrote:
> For the past week I've been noticing many entries like this in our nginx
> error logs:
> SSL_do_handshake() failed (SSL: error:1408A0D7:SSL
> routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL
> handshaking
> What does the error "required cipher missing" mean exactly? Some of our
> users reported that their browser gave them an SSL connection error and
> then it went away. Others can no longer connect to our site at all. I've
> had a look at the OpenSSL source code and I think the error is related
> to checking that the server still supports the last cipher a session
> used. Is this correct? The only change I can think of that may affect
> our list of available ciphers was an update to the latest version of
> OpenSSL that CentOS 5 provided back in November. That was two months ago
> though, and other than that I can't think of what could be causing this.

It means that an attempt is being made to resume a session, however the
list of ciphers that the client is sending in the ClientHello does not
include the cipher that was negotiated in the original session.


More information about the openssl-users mailing list