[openssl-users] SSL3_GET_CLIENT_HELLO:required cipher missing

Eric R. erafaloff at gmail.com
Thu Jan 15 14:00:36 UTC 2015


Thanks Matt. Would you have any guess as to why this is happening so
frequently all of a sudden and disrupting traffic? It seems strange that
it's so intermittent and only some users have the problem repeat for them.

On Thu Jan 15 2015 at 6:30:56 AM Matt Caswell <matt at openssl.org> wrote:

>
>
> On 15/01/15 05:03, Eric R. wrote:
> > For the past week I've been noticing many entries like this in our nginx
> > error logs:
> >
> > SSL_do_handshake() failed (SSL: error:1408A0D7:SSL
> > routines:SSL3_GET_CLIENT_HELLO:required cipher missing) while SSL
> > handshaking
> >
> > What does the error "required cipher missing" mean exactly? Some of our
> > users reported that their browser gave them an SSL connection error and
> > then it went away. Others can no longer connect to our site at all. I've
> > had a look at the OpenSSL source code and I think the error is related
> > to checking that the server still supports the last cipher a session
> > used. Is this correct? The only change I can think of that may affect
> > our list of available ciphers was an update to the latest version of
> > OpenSSL that CentOS 5 provided back in November. That was two months ago
> > though, and other than that I can't think of what could be causing this.
>
> It means that an attempt is being made to resume a session, however the
> list of ciphers that the client is sending in the ClientHello does not
> include the cipher that was negotiated in the original session.
>
> Matt
>
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150115/8ae65b9e/attachment.html>


More information about the openssl-users mailing list