I have an HTTPS-only site, and at the same time I am using AWS CloudFront as a CDN.

One issue I ran into was a 502 Bad Gateway error.

[Image: 502-error]

After some Googling and research, I found the reason for it.

The real reason is that AWS CloudFront only supports certain encryption methods.

See the results from the SSL Labs test.

[Image: encryption-1]

Then I changed the settings of the SSL cipher suite.

SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5

Then I ran the SSL Labs test again, with the result below:

[Image: encryption-2]

The 502 Bad Gateway error is gone.

CloudFront forwards HTTPS requests to the origin server using the SSLv3 or TLSv1 protocols and the following ciphers:

  • ECDHE-RSA-AES128-GCM-SHA256
  • ECDHE-RSA-AES128-SHA256
  • ECDHE-RSA-AES128-SHA
  • ECDHE-RSA-AES256-GCM-SHA384
  • ECDHE-RSA-AES256-SHA384
  • ECDHE-RSA-AES256-SHA
  • AES128-GCM-SHA256
  • AES256-GCM-SHA384
  • AES128-SHA256
  • AES256-SHA
  • AES128-SHA
  • RC4-MD5

If your origin server does not support at least one of these ciphers, CloudFront cannot establish an SSL connection to your origin.

When that happens, CloudFront returns a 502 Bad Gateway error.

The official explanation from Amazon AWS is here: http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/RequestAndResponseBehaviorCustomOrigin.html
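To check a cipher string before deploying it, the following added example (not part of the original post) expands an SSLCipherSuite value with Python's ssl module and intersects it with the CloudFront list above. It assumes the local OpenSSL build resembles the origin server's; the function names and the second sample string are constructed for illustration.

```python
import ssl

# Ciphers CloudFront offers to a custom origin, copied from the list in this post.
CLOUDFRONT_ORIGIN_CIPHERS = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES128-SHA256",
    "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA",
    "AES128-GCM-SHA256", "AES256-GCM-SHA384",
    "AES128-SHA256", "AES256-SHA",
    "AES128-SHA", "RC4-MD5",
]


def expand_cipher_string(cipher_string):
    """Return the cipher names the local OpenSSL enables for an OpenSSL
    cipher string (the same syntax Apache's SSLCipherSuite takes)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL rejects a string that selects no usable cipher at all.
        return []
    return [c["name"] for c in ctx.get_ciphers()]


def cloudfront_overlap(cipher_string):
    """Ciphers from the post's list that the cipher string enables, in the
    listed order. An empty result means CloudFront and the origin share no
    cipher, which is the condition that produces the 502."""
    enabled = set(expand_cipher_string(cipher_string))
    return [c for c in CLOUDFRONT_ORIGIN_CIPHERS if c in enabled]


if __name__ == "__main__":
    samples = (
        "HIGH:MEDIUM:!aNULL:!MD5",        # the setting used in this post
        "ECDHE-ECDSA-AES128-GCM-SHA256",  # constructed: ECDSA-only origin
    )
    for cipher_string in samples:
        shared = cloudfront_overlap(cipher_string)
        status = "OK" if shared else "NO SHARED CIPHER (expect 502)"
        print(f"{cipher_string}: {status}")
        for name in shared:
            print(f"  {name}")
```

Run it on the origin server itself so the expansion reflects the OpenSSL build that Apache actually uses.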

David Yin
