Question background:
By calling the jingdong steel COINS interface exchange jingdong steel COINS, interface address is as follows: https://gbgate.jd.com/service/x/authenticate
Question phenomenon:
HTTPS call interface returns the handshake failure information, the reverse proxy in nginx log information: ssl_do_handshake () failed (SSL: error: 1408 f10b: SSL routines: ssl3_get_record: wrong version number) while the SSL handshaking to up upstream
Problem:
After screening, interface call process and request the other domain names, but no this domain firewall Settings allowed through strategy (our safety considerations are authorized can minimum principle without authorization authorization), it would lead to the failure to shake hands, interface to invoke domain name: gbgate.jd.com, call process access to another domain name: 3. Cn (this is jingdong many domain name certificate contains a domain, this domain is not in the firewall white list, cause the failure of the request)
The question I
HTTPS handshake, why could not access call address of the domain name (3. Cn)? What is the role of access to the domain name?