I recently started noticing the following errors in my proxy server logs after a change of cipher ordering on one of my upstream server.
Here are the errors, ssl_support.c:158 ssl[16812] ERR (51:accept:[xxx.xxx.xxx.xxx]:49044:443): OpenSSL Error 336130177 in s3_pkt.c:410 is 'error:1408F081:SSL routines:SSL3_GET_RECORD:block cipher pad is wrong ssl_support.c:158 ssl[16814] ERR (84:accept:[xxx.xxx.xxx.xxx]:58615:443): OpenSSL Error 336150774 in s3_pkt.c:1270 is 'error:140940F6:SSL routines:SSL3_READ_BYTES:unknown alert type There are bunch of them, both proxy and upstream has the same version of openssl OpenSSL 1.0.1 14 Mar 2012 Cipher ordering on proxy node is RC4:HIGH:!aNULL:!MD5 While on the upstream its HIGH:!RC4:!MD5:!aNULL:!EDH:!EXP:+ECDHE-RSA-AES128-SHA256:+3DES With Server Preference Enabled. It will be great if you can help with this debugging, not sure what triggers these errors --David
