[openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing

Matt Caswell matt at openssl.org
Thu Jan 15 11:29:24 UTC 2015



On 15/01/15 05:03, Eric R. wrote:
> For the past week I've been noticing many entries like this in our nginx
> error logs:
> 
> SSL_do_handshake() failed (SSL: error:1408A0D7:SSL
> routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL
> handshaking
> 
> What does the error "required cipher missing" mean exactly? Some of our
> users reported that their browser gave them an SSL connection error and
> then it went away. Others can no longer connect to our site at all. I've
> had a look at the OpenSSL source code and I think the error is related
> to checking that the server still supports the last cipher a session
> used. Is this correct? The only change I can think of that may affect
> our list of available ciphers was an update to the latest version of
> OpenSSL that CentOS 5 provided back in November. That was two months ago
> though, and other than that I can't think of what could be causing this.

It means that an attempt is being made to resume a session; however, the
list of ciphers that the client is sending in the ClientHello does not
include the cipher that was negotiated in the original session.

Matt
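
A simplified model of the check described in the reply above, as an added example that is not part of the original message and is not OpenSSL's own code. The names `check_client_hello`, `cached_session` and `demo`, the session id bytes and the cached suite 0x0005 are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum hello_result { FULL_HANDSHAKE, RESUME_OK, REQUIRED_CIPHER_MISSING, MALFORMED };

/* Hypothetical server-side record of one cached session. */
struct cached_session { uint8_t id[32]; size_t id_len; uint16_t cipher; };

/* body = ClientHello starting at client_version (TLS 1.0-1.2 layout). */
enum hello_result check_client_hello(const uint8_t *body, size_t len,
                                     const struct cached_session *s)
{
    size_t off = 2 + 32;                       /* client_version + random */
    if (len < off + 1) return MALFORMED;
    size_t sid_len = body[off++];
    if (sid_len > 32 || len < off + sid_len + 2) return MALFORMED;
    const uint8_t *sid = body + off;
    off += sid_len;
    size_t cs_len = ((size_t)body[off] << 8) | body[off + 1];
    off += 2;
    if (cs_len == 0 || cs_len % 2 || len < off + cs_len) return MALFORMED;

    /* No matching cached session: nothing to resume, do a full handshake. */
    if (sid_len == 0 || sid_len != s->id_len || memcmp(sid, s->id, sid_len))
        return FULL_HANDSHAKE;
    /* Resumption: the originally negotiated suite must be offered again. */
    for (size_t i = 0; i < cs_len; i += 2)
        if ((((uint16_t)body[off + i] << 8) | body[off + i + 1]) == s->cipher)
            return RESUME_OK;
    return REQUIRED_CIPHER_MISSING;
}

/* Constructed sample: a hello offering suites s1 and s2, with the cached
   session id when resume != 0 and an empty session id otherwise. */
enum hello_result demo(uint16_t s1, uint16_t s2, int resume)
{
    static const struct cached_session sess = { {0x11, 0x22, 0x33, 0x44}, 4, 0x0005 };
    uint8_t b[64] = { 0x03, 0x01 };            /* TLS 1.0; random left as zeros */
    size_t off = 34;
    b[off++] = resume ? (uint8_t)sess.id_len : 0;
    if (resume) { memcpy(b + off, sess.id, sess.id_len); off += sess.id_len; }
    b[off++] = 0; b[off++] = 4;                /* cipher_suites length: 2 suites */
    b[off++] = (uint8_t)(s1 >> 8); b[off++] = (uint8_t)s1;
    b[off++] = (uint8_t)(s2 >> 8); b[off++] = (uint8_t)s2;
    b[off++] = 1; b[off++] = 0;                /* null compression only */
    return check_client_hello(b, off, &sess);
}
```

A client that presents the cached session id but offers only 0x002F and 0x0035 gets `REQUIRED_CIPHER_MISSING`; the same cipher list with an empty session id falls through to a full handshake instead.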


