How to Troubleshoot Nginx SSL Handshake failure?
As @Paul said, the solution was to raise the log level. I changed a line in my
nginx.conf file, so it now reads as follows:
error_log /var/log/nginx/error.log debug;
And now that the log level is higher, it logs SSL handshake errors:
2016/09/19 22:38:08 [info] 10114#10114: *2 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: 220.127.116.11, server: 0.0.0.0:443
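To go from one log line to an overview, the following added example (not part of the original answer) parses SSL_do_handshake() failure lines in the format shown above and tallies them by OpenSSL reason string. The function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: line 1 is the log line quoted above; the rest are
# made-up lines using documentation-range addresses (192.0.2.0/24).
SAMPLE_LOG = """\
2016/09/19 22:38:08 [info] 10114#10114: *2 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: 220.127.116.11, server: 0.0.0.0:443
2016/09/19 22:38:15 [info] 10114#10114: *3 SSL_do_handshake() failed (SSL: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2016/09/19 22:39:02 [info] 10114#10114: *4 SSL_do_handshake() failed (SSL: error:14094416:SSL routines:ssl3_read_bytes:sslv3 alert certificate unknown:SSL alert number 46) while SSL handshaking, client: 192.0.2.11, server: 0.0.0.0:443
2016/09/19 22:39:40 [info] 10114#10114: *5 peer closed connection in SSL handshake while SSL handshaking, client: 192.0.2.12, server: 0.0.0.0:443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: \*\d+ "
    r"SSL_do_handshake\(\) failed \(SSL:(?P<errors>.*)\) while SSL handshaking, "
    r"client: (?P<client>[^,]+), server: (?P<server>\S+)"
)

def parse_handshake_failures(text):
    """Return one dict per OpenSSL error found in SSL_do_handshake() failure lines."""
    failures = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a handshake failure carrying an OpenSSL error queue
        # nginx may print several queued errors, each starting with "error:".
        for chunk in m.group("errors").split("error:")[1:]:
            parts = chunk.strip().split(":")
            if len(parts) < 4:
                continue  # unexpected layout; skip rather than guess
            failures.append({
                "time": m.group("ts"), "level": m.group("level"),
                "client": m.group("client"), "server": m.group("server"),
                "code": parts[0], "function": parts[2], "reason": parts[3],
            })
    return failures

def count_by_reason(failures):
    """Tally failures per OpenSSL reason string, most frequent first."""
    return Counter(f["reason"] for f in failures).most_common()

if __name__ == "__main__":
    for reason, n in count_by_reason(parse_handshake_failures(SAMPLE_LOG)):
        print(f"{n:4d}  {reason}")
```

To run it against a real log, pass the contents of /var/log/nginx/error.log to parse_handshake_failures() instead of SAMPLE_LOG.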
Actually, you have used the option ssl_ecdh_curve to configure Diffie-Hellman key exchange in Nginx, but you have not provided a parameter file. Therefore you have to use the option ssl_dhparam and must create a file with openssl.
openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096
Use the file and the above Diffie-Hellman configuration in Nginx:
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ecdh_curve secp384r1;