SSL Errors when using CloudFlare and NAT: ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:997)
Posted: November 27th, 2022, 12:49 pm
Howdy,
I've been playing around with this but can't seem to figure it out. My end goal is to only allow nzb sites to send NZBs to sab via nzb api key over ssl and that seems to work fine but I get a lot of errors about SSL handshakes. I've been getting this error for probably more than a year over all of the releases since. I get the error regardless of actually sending an api call at regular intervals. The two today are exactly a half hour apart. If I go to my domain externally on that port, I receive the sab login page and a valid cloudflare cert and happy security icon in chrome.
My setup is a docker container exposing port 9090 in sab config with docker redirecting 2083 (a cloudflare accepted port) to 9090. I use pfsense to forward traffic from my 2083 to my docker host on 2083. My guess is I don't have the sab certs applied probably but I've played around with it and haven't figured it out yet. Cloudflare is fine with a self-signed cert on the host side as it provides the encryption.
Is there something simple I'm missing?
Thanks in advance
[27/Nov/2022:01:02:12] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
  File "/usr/lib/python3.10/site-packages/cheroot/server.py", line 1823, in serve
    self._connections.run(self.expiration_interval)
  File "/usr/lib/python3.10/site-packages/cheroot/connections.py", line 203, in run
    self._run(expiration_interval)
  File "/usr/lib/python3.10/site-packages/cheroot/connections.py", line 246, in _run
    new_conn = self._from_server_socket(self.server.socket)
  File "/usr/lib/python3.10/site-packages/cheroot/connections.py", line 300, in _from_server_socket
    s, ssl_env = self.server.ssl_adapter.wrap(s)
  File "/usr/lib/python3.10/site-packages/cheroot/ssl/builtin.py", line 277, in wrap
    s = self.context.wrap_socket(
  File "/usr/lib/python3.10/ssl.py", line 513, in wrap_socket
    return self.sslsocket_class._create(
  File "/usr/lib/python3.10/ssl.py", line 1071, in _create
    self.do_handshake()
  File "/usr/lib/python3.10/ssl.py", line 1342, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:997)
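One way to check the pattern described in the post (handshake errors recurring at fixed intervals, independent of API calls), as an added example that is not part of the original post or of SABnzbd: it pulls each "ENGINE Error in HTTPServer.serve" traceback out of a log, tallies the OpenSSL reason codes and reports the gaps between repeats. The sample log is constructed; only the first timestamp and the BAD_KEY_SHARE line are taken from the post, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the shape of the log excerpt above; the later
# timestamps and the HTTP_REQUEST entry are made up for illustration.
SAMPLE_LOG = """\
[27/Nov/2022:01:02:12] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:997)
[27/Nov/2022:01:32:12] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
ssl.SSLError: [SSL: BAD_KEY_SHARE] bad key share (_ssl.c:997)
[27/Nov/2022:02:02:12] ENGINE Error in HTTPServer.serve
Traceback (most recent call last):
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:997)
"""

HEADER = re.compile(r"^\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2})\] ENGINE Error in HTTPServer\.serve")
REASON = re.compile(r"^ssl\.SSLError: \[SSL: ([A-Z0-9_]+)\]")

def handshake_failures(log_text):
    """Return [(timestamp, reason)] for each serve() traceback ending in ssl.SSLError."""
    events, pending = [], None
    for line in log_text.splitlines():
        m = HEADER.match(line.strip())
        if m:  # start of a new error record: remember when it happened
            pending = datetime.strptime(m.group(1), "%d/%b/%Y:%H:%M:%S")
            continue
        m = REASON.match(line.strip())
        if m and pending is not None:  # final traceback line names the reason
            events.append((pending, m.group(1)))
            pending = None
    return events

def summarize(events):
    """Count failures per reason and list the gaps (seconds) between repeats of a reason."""
    counts = Counter(reason for _, reason in events)
    gaps, last = {}, {}
    for ts, reason in events:
        if reason in last:
            gaps.setdefault(reason, []).append(int((ts - last[reason]).total_seconds()))
        last[reason] = ts
    return counts, gaps

if __name__ == "__main__":
    print(summarize(handshake_failures(SAMPLE_LOG)))
```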