As we saw in a previous entry, there is another possible error in the communication between the reverse proxy and its upstream server. In this case the problem comes from the SSL/TLS encryption settings that the upstream server presents, which may not match those of the proxy. Here again the result can be a 502 Bad Gateway error.

This time the error log will show:

2021/10/20 11:21:59 [error] 49661#114536: *3 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: 172.16.0.30, server: test.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.1.100:443/favicon.ico", host: "test.example.com", referrer: "https://test.example.com/"

We can again use the OpenSSL tools to establish a connection to the upstream and check the error. As we said above, the difference in encryption settings is the root of the problem; the alert in the log (protocol version, SSL alert number 70) points at the TLS protocol version. The solution is to enable a TLS protocol version that the upstream server supports:

location / {
  proxy_pass https://test.example.com;
  # TLS protocol version(s) the proxy offers when connecting to the upstream
  proxy_ssl_protocols TLSv1.3;
}

The key is the line proxy_ssl_protocols TLSv1.3;, which enables that protocol version for the proxy's connections to the upstream server.
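
To confirm the diagnosis before editing the configuration, the following added example (not part of the original post) extracts the upstream address and TLS alert number from the error line shown above and maps the alert to the directive to review first; probe_tls_versions then checks with openssl s_client which protocol versions the upstream accepts. The function names and the alert-to-directive hints are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Constructed sample input: the error line quoted in the post.
SAMPLE='2021/10/20 11:21:59 [error] 49661#114536: *3 SSL_do_handshake() failed (SSL: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:SSL alert number 70) while SSL handshaking to upstream, client: 172.16.0.30, server: test.example.com, request: "GET /favicon.ico HTTP/1.1", upstream: "https://192.168.1.100:443/favicon.ico", host: "test.example.com", referrer: "https://test.example.com/"'

# Print "<upstream host:port> <alert number>" for each failed upstream handshake on stdin.
parse_upstream_tls_errors() {
  sed -n 's|.*SSL alert number \([0-9][0-9]*\)) while SSL handshaking to upstream.*upstream: "https://\([^/"]*\).*|\2 \1|p'
}

# Map a TLS alert number to the proxy directive to review first (hints are assumptions).
alert_hint() {
  case "$1" in
    70) echo 'protocol_version: review proxy_ssl_protocols' ;;
    40) echo 'handshake_failure: often no shared cipher, review proxy_ssl_ciphers' ;;
    *)  echo "alert $1: inspect the handshake with openssl s_client" ;;
  esac
}

# Read an error log on stdin and print one triage line per failed upstream handshake.
triage() {
  parse_upstream_tls_errors | while read -r target alert; do
    echo "$target $(alert_hint "$alert")"
  done
}

# Needs network access and the openssl CLI: one handshake attempt per protocol version.
probe_tls_versions() {
  for v in tls1_2 tls1_3; do
    if openssl s_client -connect "$1" -"$v" </dev/null >/dev/null 2>&1; then
      echo "$v accepted"
    else
      echo "$v rejected"
    fi
  done
}

# Offline demonstration on the sample line.
printf '%s\n' "$SAMPLE" | triage
# Against the real upstream: probe_tls_versions 192.168.1.100:443
```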