SSL handshake error : bad key share

박종혁 · February 21, 2022

Error

2022/01/17 08:21:48 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:21:49 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:21:50 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:21:51 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:21:52 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:21:55 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:21:58 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:22:05 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:22:18 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/01/17 08:22:45 [emerg] 1#1: host not found in upstream "frontend:80" in /etc/nginx/nginx.conf:19
2022/02/15 06:45:22 [crit] 31#31: *62 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 51.158.115.148, server: 0.0.0.0:443
2022/02/15 12:11:38 [crit] 30#30: *328 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.206.155, server: 0.0.0.0:443
2022/02/15 18:59:18 [crit] 30#30: *477 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 80.82.77.139, server: 0.0.0.0:443
2022/02/16 08:48:58 [crit] 31#31: *839 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 143.198.4.69, server: 0.0.0.0:443
2022/02/16 09:10:19 [crit] 30#30: *857 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 185.163.109.66, server: 0.0.0.0:443
2022/02/16 09:10:31 [crit] 31#31: *869 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 185.163.109.66, server: 0.0.0.0:443
2022/02/16 09:10:32 [crit] 31#31: *870 SSL_do_handshake() failed (SSL: error:14201044:SSL routines:tls_choose_sigalg:internal error) while SSL handshaking, client: 185.163.109.66, server: 0.0.0.0:443
2022/02/16 14:24:44 [crit] 31#31: *948 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 198.199.105.162, server: 0.0.0.0:443
2022/02/16 23:57:13 [crit] 31#31: *1087 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 185.220.101.37, server: 0.0.0.0:443
2022/02/17 01:41:03 [emerg] 1#1: host not found in upstream "backend:3308" in /etc/nginx/nginx.conf:23
2022/02/17 03:23:50 [emerg] 1#1: host not found in upstream "backend:3308" in /etc/nginx/nginx.conf:23
2022/02/17 05:27:31 [emerg] 1#1: host not found in upstream "backend:3308" in /etc/nginx/nginx.conf:23
2022/02/17 05:28:43 [emerg] 1#1: host not found in upstream "backend:3308" in /etc/nginx/nginx.conf:23
2022/02/17 06:44:04 [emerg] 1#1: host not found in upstream "backend:3308" in /etc/nginx/nginx.conf:23
2022/02/17 07:07:47 [crit] 24#24: *33 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 65.49.20.67, server: 0.0.0.0:443
2022/02/17 08:25:39 [crit] 24#24: *81 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 66.240.192.138, server: 0.0.0.0:443
2022/02/17 14:26:44 [crit] 24#24: *249 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.212.32, server: 0.0.0.0:443

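This looks like an SSL certificate error.

Presumably the problem occurs because the server domain matches between the server actually registered in DNS and the certificate, but the address is different.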

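Attempts

Since resolution has to go through the DNS server, first updated the resource that the domain points to on the DNS server.
After that, inside the instance, ran the certificate issuance step (script execution) before starting the docker-compose images.
Then ran docker-compose and checked >> failed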

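Checking the hosts file
The domain had previously been registered as localhost for testing in the local environment.
Removed the domain from /etc/hosts and c:\Windows\System32\drivers\etc\hosts

The domain is reachable, and https and ssl are applied!

Always edit both the Windows hosts file and the one inside WSL together.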
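A check for the leftover override described above, as an added example that is not part of the original post: it scans hosts-file content for entries naming a domain and flags the ones pinned to a loopback address. The domain `example.test`, the function names, and the `/mnt/c` path (the default WSL mount of the Windows drive) are assumptions.

```python
import ipaddress
from pathlib import Path

# Assumed locations: the WSL-side hosts file and the Windows one as seen
# from inside WSL through the default /mnt/c mount.
HOSTS_FILES = [Path("/etc/hosts"),
               Path("/mnt/c/Windows/System32/drivers/etc/hosts")]

def find_overrides(hosts_text, domain):
    """Return (line_no, ip, is_loopback) for every hosts entry naming domain."""
    wanted = domain.lower().rstrip(".")
    hits = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        ip, names = fields[0], [n.lower().rstrip(".") for n in fields[1:]]
        if wanted not in names:
            continue
        try:
            loopback = ipaddress.ip_address(ip.split("%")[0]).is_loopback
        except ValueError:
            continue  # first field is not an IP address: skip the line
        hits.append((line_no, ip, loopback))
    return hits

def check_files(domain, paths=HOSTS_FILES):
    """Scan each hosts file that exists; map path -> list of overrides."""
    report = {}
    for path in paths:
        if path.is_file():
            # utf-8-sig tolerates the BOM that Windows editors may add
            text = path.read_text(encoding="utf-8-sig", errors="replace")
            report[str(path)] = find_overrides(text, domain)
    return report

# Constructed sample, not taken from the post: a leftover local-test entry.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# 127.0.0.1 example.test   (commented out, ignored)
127.0.0.1   Example.Test www.example.test  # local testing
::1         ip6-localhost example.test
203.0.113.10 other.test
"""

if __name__ == "__main__":
    for line_no, ip, loopback in find_overrides(SAMPLE_HOSTS, "example.test"):
        print(f"line {line_no}: example.test -> {ip} loopback={loopback}")
    for path, hits in check_files("example.test").items():
        print(path, hits or "no override")
```

An empty list for a file means that file does not override the domain, so resolution falls through to DNS.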
