SSL_PROTOCOL_ERROR and SSL_ERROR_RX_UNEXPECTED_NEW_SESSION_TICKET
Recently, a website was setup on NGINX with LetsEncrypt for SSL. After all settings while opening the site, the browser refused and popped these errors:
I’ve used the below configuration for SSL on NGINX:
ssl_certificate /etc/letsencrypt/live/rootadminz.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/rootadminz.com/privkey.pem; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; ssl_buffer_size 4k;
Here’s the solution:
The default value needs to be changed from ssl_session_tickets off to ssl_session_tickets on. If you had set this to on then need not to worry as you shouldn’t get the above error message.
Now restart the NGINX service:
systemctl restart nginx