SSL 握手时 SSL_do_handshake() 失败（SSL：错误：141CF06C：SSL 例程：tls_parse_ctos_key_share：错误的密钥共享），客户端：

Question

几个月前，我开始收到数十名用户的投诉，称在连接到我的网站时出现错误。当我查看 nginx 的 error.log 时，我看到每日 SSL 错误：

我不知道什么会导致这个问题，因为 99% 的用户都通过了，而且我自己似乎无法复制它。一位用户表示，改用 VPN 解决了​​他的问题。stackoverflow 上的其他帖子表明，来自同一 IP 的恶意请求会发生这种情况，但这里的情况并非如此。

有谁知道解决这个问题吗？

（我已经几个月没有对此服务器/配置进行任何更改了。）

网络服务器在 Ubuntu 20.10 上运行

Nginx 错误.log

2022/04/16 04:40:19 [crit] 809329#809329: *13542487 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 04:40:32 [crit] 809329#809329: *13542919 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 38.132.118.76, server: 0.0.0.0:443
2022/04/16 04:58:54 [crit] 809329#809329: *13564742 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443
2022/04/16 05:10:29 [crit] 809329#809329: *13578753 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 138.197.194.139, server: 0.0.0.0:443
2022/04/16 05:59:32 [crit] 809329#809329: *13638601 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 178.73.215.171, server: 0.0.0.0:443
2022/04/16 07:16:27 [crit] 809330#809330: *13730741 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 65.49.20.67, server: 0.0.0.0:443
2022/04/16 07:18:19 [crit] 809330#809330: *13733448 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 192.241.223.231, server: 0.0.0.0:443
2022/04/16 09:51:15 [crit] 809330#809330: *13937194 SSL_do_handshake() failed (SSL: error:141CF06C:SSL routines:tls_parse_ctos_key_share:bad key share) while SSL handshaking, client: 165.227.227.95, server: 0.0.0.0:443

Nginx 配置

server {
    server_name api.domain.com www.api.domain.com;

    location / {
        proxy_pass http://localhost:3000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.api.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = api.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    listen [::]:80;

    server_name api.domain.com www.api.domain.com;

    return 404; # managed by Certbot
}