Hi, I recently changed my cipher ordering on my web server to drop RC4 support and currently I have HIGH:!RC4:!MD5:!aNULL:!EDH:!EXP:+ECDHE-RSA-AES128-SHA256:+3DES on my Origin.
On the other side my proxy load balancer which acts as the reverse proxy supports the following cipher suites RC4:HIGH:!aNULL:!MD5 Both the origin server and proxy runs the same openssl version OpenSSL 1.0.1 14 Mar 2012 I see the following errors on my origin server logs from when I changed the cipher suit to HIGH:!RC4:!MD5:!aNULL:!EDH:!EXP:+ECDHE-RSA-AES128-SHA256:+3DES 07/16 08:29:23.712888 ssl_support.c:158 ssl[31473] ERR (76:accept:[xxx.xxx.xxx.xx]:60004:443): OpenSSL Error 336130177 in s3_pkt.c:410 is 'error:1408F081:SSL routines:SSL3_GET_RECORD:block cipher pad is wrong' 07/16 13:06:51.721824 ssl_support.c:158 ssl[16812] ERR (105:accept:[ xxx.xxx.xxx.xx]:44048:443): OpenSSL Error 336150774 in s3_pkt.c:1270 is 'error:140940F6:SSL routines:SSL3_READ_BYTES:unknown alert type' I couldn't find why these errors are triggred, can you please help me with some information on the errors and let me know the best way to fix it. --David
