Site icon David Yin's Blog

Get 502 bad gateway error from CloudFront CDN with SSL

I have a site with https only. And at the same time I am using AWS CloudFront as CDN.

One issue I met is 502 Bad Gateway error.

After the Googleing and research, I found the reason of it.

The real reason is AWS Cloudfront just support certain Encryption method.

See the results from ssllabs testing.

Then I change the seetings in SSL cipher suite.

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

Then, run ssllabs test again, result as below:

The 502 bad gateway is gone.

CloudFront forwards HTTPS requests to the origin server using the SSLv3 or TLSv1 protocols and the following ciphers:

  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA
  • AES128-GCM-SHA256
  • AES256-GCM-SHA384
  • AES128-SHA256
  • AES256-SHA
  • AES128-SHA
  • RC4-MD5

If your origin server does not support at least one of these ciphers, CloudFront cannot establish an SSL connection to your origin.

When it happens, 502 bad gateway comes.

 

The official explaination from Amazon AWS is here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html

Exit mobile version