Open liugh1974 opened 7 years ago
I am trying to configure tcp with ssl; please see the following configuration (nginx.conf):
```nginx
tcp {
    upstream cluster {
        server localhost:8883;
        server localhost:8884;
        check interval=3000 rise=2 fall=5 timeout=1000;
    }

    server {
        listen 8888 ssl;
        proxy_pass cluster;

        ssl on;
        ssl_certificate crts/nginx_server.cert.pem;
        ssl_certificate_key crts/nginx_server.key.pem;
        ssl_client_certificate crts/ca-chain.pem;
        ssl_crl certs/ca.crl.pem;
        ssl_verify_client on;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 4h;
        ssl_verify_depth 2;
    }
}
```
When there is no ssl_crl parameter, everything is fine. But when I add ssl_crl, the client handshake always fails with the exception "Broken pipe (Write failed)". I'm sure that ca.crl.pem is a correct CRL file; I have validated it correctly with openssl.
Could you tell me why?