%20%E5%A4%B1%E6%95%97%EF%BC%88SSL%EF%BC%9A%E9%8C%AF%E8%AA%A4%EF%BC%9A141CF06C%EF%BC%9ASSL%20%E4%BE%8B%E7%A8%8B%EF%BC%9Atls_parse_ctos_key_share%EF%BC%9A%E9%8C%AF%E8%AA%A4%E7%9A%84%E9%87%91%E9%91%B0%E5%85%B1%E7%94%A8%EF%BC%89%EF%BC%8C%E5%AE%A2%E6%88%B6%E7%AB%AF%EF%BC%9A.png)
幾個月前,我開始收到數十名用戶的投訴,並表示在連接到我的網站時出現錯誤。當我查看 nginx 的 error.log 時,我看到每日 SSL 錯誤:
我不知道什麼會導致這個問題,因為 99% 的用戶都通過了,而且我自己似乎無法複製它。一位用戶表示,改用 VPN 解決了他的問題。 stackoverflow 上的其他貼文表明,來自同一 IP 的惡意請求會發生這種情況,但這裡的情況並非如此。
有人知道要解決這個問題嗎?
(我已經幾個月沒有對此伺服器/配置進行任何更改了。)
網路伺服器在 Ubuntu 20.10 上運行
Nginx 錯誤.log
2022/04/16 04:40:19 [crit] 809329#809329: *13542487 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 04:40:32 [crit] 809329#809329: *13542919 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 38.132.118.76, server: 0.0.0.0:443
2022/04/16 04:58:54 [crit] 809329#809329: *13564742 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443
2022/04/16 05:10:29 [crit] 809329#809329: *13578753 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 05:59:32 [crit] 809329#809329: *13638601 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 178.73.215.171, server: 0.0.0.0:443
2022/04/16 07:16:27 [crit] 809330#809330: *13730741 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 65.49.20.67, server: 0.0.0.0:443
2022/04/16 07:18:19 [crit] 809330#809330: *13733448 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.223.231, server: 0.0.0.0:443
2022/04/16 09:51:15 [crit] 809330#809330: *13937194 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443
Nginx 設定
server {
server_name api.domain.com www.api.domain.com;
location / {
proxy_pass http://localhost:3000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.api.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name api.domain.com www.api.domain.com;
return 404; # managed by Certbot
}