nginx报SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO

一错误
2019/12/09 16:45:44 [error] 19091#0: *1 SSL_do_handshake() failed (SSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error) while SSL handshaking to upstream, cli
ent: 172.18.122.4, server: sda.cn, request: "POST /api/tokenVerify?token=2D3B66C43CFDA04DF5D46F288F0B16B253FE48353C351BDB52D339840DB28E6427115A9ECB826CA75EBE7F6F310BEBB2DAB85DAE77780AC6B6E2F053DF23BF9788F3768F62ABF38C335C794DC79197BC&constId=&appKey=c36b3f2865c0506c9dd7dab845c1ee86&sign=4ada50fd61204702bda46f95810b42b5&ip= HTTP/1.1", upstream: "https://74.208.236.192:443/api/tokenVerify?token=2D3B66C43CFDA04DF5D46F288F0B16B253FE48353C351BDB52D339840DB28E6427115A9ECB826CA75EBE7F6F310BEBB2DAB85DAE77780AC6B6E2F053DF23BF9788F3768F62ABF38C335C794DC79197BC&constId=&appKey=c36b3f2865c0506c9dd7dab845c1ee86&sign=4ada50fd61204702bda46f95810b42b5&ip=", host: "192.168.2.241:10443"
二解决
在nginx 1.7中，可以使用这个指令:

proxy_ssl_server_name on;
迫使nginx使用SNI

proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

 #请按照这个协议配置
     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
     #请按照这个套件配置，配置加密套件，写法遵循 openssl 标准。
     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
     ssl_prefer_server_ciphers on;
     proxy_connect_timeout 600;
     proxy_read_timeout 600;
     proxy_send_timeout 600;
     #防止hand
     proxy_ssl_server_name on;
        location / {
           #网站主页路径。此路径仅供参考，具体请您按照实际目录操作。
         #root /var/www/www.domain.com;
         index  /templates/loading.html;
        }
        location ~.*abnol/* {
           proxy_pass   http://tomcatWeb;
         # proxy_pass   http://192.168.1.101:8090;
         # proxy_pass   http://localhost:8088;
        }
        location ~.*api/tokenVerify* {
           proxy_pass   https://cap.dingxiang-inc.com;
        }

    }

}