Gunicorn 23 schannel: failed to receive handshake, SSL/TLS connection failed about gunicorn HOT 4 OPEN

Are you certain you meant to configure cert_reqs, your curl test is not using client auth. Also, reread the logs emitted by Gunicorn. If you have not seen the warning telling you ssl_version is deprecated and ignored, maybe you missed something else there?

from gunicorn.

Are you certain you meant to configure cert_reqs, your curl test is not using client auth. Also, reread the logs emitted by Gunicorn. If you have not seen the warning telling you ssl_version is deprecated and ignored, maybe you missed something else there?

I am trying to configure mTLS actually between Ngnix reverse proxy and Gunicorn. I assume the cert_reqs would be needed and both sides need the TLS CA certificate installed.

Yes, you are correct on the Curl command used. I changed it to just a Curl request without options. But when trying to hit the proxied "/dashboard/" via 9443 it has a 301 redirect but the TLS connection fails.

curl https://server01.mydomain.com:9443/dashboard
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.1</center>
</body>
</html>

curl https://server01.mydoamin.com:9450/dashboard
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

from gunicorn.

Are we assuming that Gunicorn does not support mTLS (mutual TLS) to secure the backend instead of terminating the TLS connection a Nginx and the plaintext talking to the app?

from gunicorn.

When I go to https://192.168.46.69:9450/dashboard using Incognito directly and bypass proxy, the Gunicorn TLS config is still not working. Browser is still saying connection not secure.

I tried to comment out all lines in the gunicorn.conf.py and use the cli

gunicorn --certfile /home/djangoweb/certs/star.mydomain.com.pem --keyfile /home/djangoweb/certs/private/star.mydoamin.com.key -c cloudmonitor/gunicorn.conf.py --error-logfile -

2024/08/16 11:54:54 [error] 4169609#0: *1 peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking to upstream, client: 10.206.10.11, server: server01.oversightsystems.com, request: "GET /dashboard/ HTTP/1.1", upstream: "https://192.168.46.69:9450/dashboard/", host: "server01.mydomain:9443"

For sanity, I may try my Django app with uwsgi to see if I can reproduce the issue or not.

from gunicorn.