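We use OpenResty as a gateway and offer both one-way HTTPS (with the certificate configured on the ELB) and mutual TLS access modes. Traffic comes from Android and iOS mobile apps, as well as from some non-phone Android devices.
We have not changed or updated any code recently, but errors suddenly started appearing continuously (logs below). The certificates seem fine, and both one-way HTTPS and mutual TLS requests are handled normally. I have not found a working solution by searching and am worried that we are under attack. Could an expert help explain this?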
019/05/21 20:07:20 [crit] 14298#14298: *556855245 SSL_do_handshake() failed (SSL: error:04091068:rsa routines:int_rsa_verify:bad signature error:1417B07B:SSL routines:tls_process_cert_verify:bad signature) while SSL handshaking, client: 10.126.195.131, server: 0.0.0.0:443
2019/05/21 20:07:20 [crit] 14301#14301: *556855244 SSL_do_handshake() failed (SSL: error:04091068:rsa routines:int_rsa_verify:bad signature error:1417B07B:SSL routines:tls_process_cert_verify:bad signature) while SSL handshaking, client: 10.126.194.173, server: 0.0.0.0:443
2019/05/21 20:07:20 [crit] 14298#14298: *556855241 SSL_do_handshake() failed (SSL: error:04091068:rsa routines:int_rsa_verify:bad signature error:1417B07B:SSL routines:tls_process_cert_verify:bad signature) while SSL handshaking, client: 10.126.195.131, server: 0.0.0.0:443
2019/05/21 20:07:20 [crit] 14298#14298: *556855274 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.126.194.173, server: 0.0.0.0:443
2019/05/21 20:07:20 [crit] 14298#14298: *556855272 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.126.195.131, server: 0.0.0.0:443
2019/05/21 20:07:20 [crit] 14298#14298: *556855273 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.126.194.173, server: 0.0.0.0:443
Version information:
openresty/1.13.6.2
nginx/1.12.1
OpenSSL 1.0.2k-fips
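
An added triage example, not part of the original post: it parses nginx `SSL_do_handshake() failed` lines in the format quoted above and counts failures per client address and failing handshake step, so the two error types can be tracked separately. The sample lines are copied from the post's log; the function names (`parse_line`, `summarize`, `internal_clients`) are this example's own.

```python
import ipaddress
import re
from collections import Counter

# Sample input: four lines copied from the error log quoted in the post.
SAMPLE = [
    "2019/05/21 20:07:20 [crit] 14301#14301: *556855244 SSL_do_handshake() failed (SSL: error:04091068:rsa routines:int_rsa_verify:bad signature error:1417B07B:SSL routines:tls_process_cert_verify:bad signature) while SSL handshaking, client: 10.126.194.173, server: 0.0.0.0:443",
    "2019/05/21 20:07:20 [crit] 14298#14298: *556855274 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.126.194.173, server: 0.0.0.0:443",
    "2019/05/21 20:07:20 [crit] 14298#14298: *556855272 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.126.195.131, server: 0.0.0.0:443",
    "2019/05/21 20:07:20 [crit] 14298#14298: *556855273 SSL_do_handshake() failed (SSL: error:1417D102:SSL routines:tls_process_client_hello:unsupported protocol) while SSL handshaking, client: 10.126.194.173, server: 0.0.0.0:443",
]

# The whole OpenSSL error queue sits between "(SSL: " and ") while SSL handshaking".
LINE_RE = re.compile(
    r"SSL_do_handshake\(\) failed \(SSL: (?P<errs>.*?)\) while SSL handshaking, "
    r"client: (?P<client>[0-9a-fA-F.:]+), server:"
)
# One queue entry: error:<8 hex digits>:<library>:<function>:<reason>
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):"
    r"(?P<reason>.+?)(?= error:|$)"
)

def parse_line(line):
    """Return {'client', 'errors'} for a handshake-failure line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    errors = [e.groupdict() for e in ERR_RE.finditer(m.group("errs"))]
    return {"client": m.group("client"), "errors": errors} if errors else None

def summarize(lines):
    """Count failures keyed by (client, function, reason) of the last queue entry."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            last = rec["errors"][-1]  # the "SSL routines" entry names the handshake step
            counts[(rec["client"], last["func"], last["reason"])] += 1
    return counts

def internal_clients(counts):
    """Client addresses in private ranges, e.g. an upstream load balancer or proxy."""
    return sorted({c for c, _, _ in counts if ipaddress.ip_address(c).is_private})

if __name__ == "__main__":
    for (client, func, reason), n in summarize(SAMPLE).most_common():
        print(n, client, func, reason)
```

When the logged client is a private address, the gateway is seeing a proxy or load balancer rather than the original peer, so the real source has to be correlated from that hop's own logs.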