SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client:

A few months ago I started getting complaints from dozens of users that they were seeing an error when connecting to my website. When I looked at nginx's error.log, I saw SSL errors every day:

I don't know what is causing this, because 99% of users connect successfully and I can't seem to reproduce it myself. One user said that switching to a VPN fixed it. Other posts on stackoverflow suggest this happens with malicious requests coming from the same IP, but that is not the case here.

Does anyone know how to fix this?

(I haven't made any changes to the server/config in months.)

The web server runs on Ubuntu 20.10

Nginx error log

2022/04/16 04:40:19 [crit] 809329#809329: *13542487 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 04:40:32 [crit] 809329#809329: *13542919 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 38.132.118.76, server: 0.0.0.0:443
2022/04/16 04:58:54 [crit] 809329#809329: *13564742 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443
2022/04/16 05:10:29 [crit] 809329#809329: *13578753 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 05:59:32 [crit] 809329#809329: *13638601 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 178.73.215.171, server: 0.0.0.0:443
2022/04/16 07:16:27 [crit] 809330#809330: *13730741 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 65.49.20.67, server: 0.0.0.0:443
2022/04/16 07:18:19 [crit] 809330#809330: *13733448 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.223.231, server: 0.0.0.0:443
2022/04/16 09:51:15 [crit] 809330#809330: *13937194 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443

Nginx config

server {
    server_name api.domain.com www.api.domain.com;

    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.api.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = api.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name api.domain.com www.api.domain.com;

    return 404; # managed by Certbot
}
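Added example, not code from the poster or from nginx: a small Python triage script that parses nginx error-log lines of the shape shown above, groups the OpenSSL handshake failures by reason and client address, and flags whether a single source dominates (the "same IP" pattern the poster rules out). The sample log lines and client addresses are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in nginx error-log format (not the poster's log);
# client addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_LOG = "\n".join([
    "2022/04/16 04:40:19 [crit] 809329#809329: *13542487 SSL_do_handshake() failed "
    "(SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) "
    "while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443",
    "2022/04/16 04:40:32 [crit] 809329#809329: *13542919 SSL_do_handshake() failed "
    "(SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) "
    "while SSL handshaking, client: 198.51.100.7, server: 0.0.0.0:443",
    "2022/04/16 04:58:54 [crit] 809329#809329: *13564742 SSL_do_handshake() failed "
    "(SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) "
    "while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443",
    "2022/04/16 05:10:29 [info] 809329#809329: *13578753 SSL_do_handshake() failed "
    "(SSL: error:1408F10B:SSL routines:ssl3_get_record:wrong version number) "
    "while SSL handshaking, client: 203.0.113.5, server: 0.0.0.0:443",
])

# One nginx error line that wraps an OpenSSL handshake error (lib:func:reason).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] .*?"
    r"SSL_do_handshake\(\) failed \(SSL: error:(?P<code>[0-9A-Fa-f]+):"
    r"(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>[^)]+)\).*?"
    r"client: (?P<client>[^,]+)"
)

def parse_handshake_failures(text):
    """Return one dict per SSL_do_handshake() failure line; other lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def summarize(failures):
    """Map each OpenSSL reason string to a Counter of hits per client address."""
    by_reason = defaultdict(Counter)
    for f in failures:
        by_reason[f["reason"]][f["client"]] += 1
    return by_reason

def dominated_by_one_client(counter, share=0.5):
    """True when one client produced at least `share` of the hits for a reason,
    which points at a single noisy source rather than a broad client-side problem."""
    total = sum(counter.values())
    return total > 0 and counter.most_common(1)[0][1] / total >= share

if __name__ == "__main__":
    for reason, clients in summarize(parse_handshake_failures(SAMPLE_LOG)).items():
        print(f"{reason}: {sum(clients.values())} hits from {len(clients)} clients, "
              f"single-source={dominated_by_one_client(clients)}")
```

Run it against a real error.log by replacing SAMPLE_LOG with the file contents; a reason spread thinly over many unrelated clients is the signature of a client-side or middlebox problem, while one dominant address is the scanner pattern.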