Moovweb Help Center

531 - SSL Connection Troubleshooting Guide

Resolving Upstream SSL connection issues with Moovweb Infrastructure

One possible cause of the 531 Dropped upstream connection error is a failure in TLS negotiation between the Moovweb cloud and the upstream customer servers. There are a few things you can check on your servers to make sure that TLS negotiation with the Moovweb servers succeeds.

TLS

The Moovweb servers use TLS 1.2 to connect upstream. Please ensure that your servers support TLS 1.2.

TLS Cipher Suites

We use the default Node.js TLS cipher suite list, which is detailed below:

ECDHE-RSA-AES128-GCM-SHA256:
ECDHE-ECDSA-AES128-GCM-SHA256:
ECDHE-RSA-AES256-GCM-SHA384:
ECDHE-ECDSA-AES256-GCM-SHA384:
DHE-RSA-AES128-GCM-SHA256:
ECDHE-RSA-AES128-SHA256:
DHE-RSA-AES128-SHA256:
ECDHE-RSA-AES256-SHA384:
DHE-RSA-AES256-SHA384:
ECDHE-RSA-AES256-SHA256:
DHE-RSA-AES256-SHA256:
HIGH:
!aNULL:
!eNULL:
!EXPORT:
!DES:
!RC4:
!MD5:
!PSK:
!SRP:
!CAMELLIA

Testing your Site

To test whether your servers support TLS 1.2 and use the required cipher suites, run the following curl command against your environment, upstream of Moovweb.

curl -o /dev/null -v https://<your domain>/

You should see a line like the following in the curl output:

* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384

You can also use online tools, such as www.sslchecker.com, to check the TLS version and cipher suites on your server.

If the TLS version is not 1.2, or the Cipher suite is not included in the above list, please reach out to your IT team.
