Resolving Upstream SSL connection issues with Moovweb Infrastructure
One of the possible causes for the 531 Dropped upstream connection is a failure in TLS negotiation between the Moovweb cloud and the upstream customer servers. There are a few things that you can check on your servers to ensure that TLS negotiation with the Moovweb servers is successful.
The Moovweb servers use TLS 1.2 to connect upstream. Please ensure that your servers support TLS 1.2.
TLS Cipher Suites
We use the default node.js TLS Cipher suite, which is detailed below:
Testing your Site
To test whether or not your servers support TLS 1.2, and use the required Cipher Suites, you can perform the following curl on your environment, upstream of Moovweb.
curl -o /dev/null -v https://<your domain>/
You should see the following line in the response to the curl:
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
You can also use online tools, such as www.sslchecker.com, to check the TLS and Cipher Suites on your server.
If the TLS version is not 1.2, or the Cipher suite is not included in the above list, please reach out to your IT team.