TLS 1.3-only load balancer config silently blocked all Akamai traffic to nginx
An engineering team experienced a sudden outage where all traffic routed through Akamai-hosted domains failed to reach their backend nginx server, while internal traffic remained unaffected. Initial investigation pointed to an SSL certificate problem flagged by Akamai, but no certificates had been recently changed or renewed. The root cause turned out to be a TLS version mismatch: the External Load Balancer had been set to accept only TLS 1.3, while the Akamai property was configured to negotiate across older protocol versions including 1.2 and 1.1. Because neither side could agree on a protocol during the handshake, connections were silently dropped before any data was exchanged. The team resolved the outage by updating the load balancer's TLS policy to support both TLS 1.2 and 1.3, restoring traffic immediately without any certificate or nginx changes.
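An added example, not part of the original article or the team's tooling: a Python probe that pins a client to one TLS version at a time to list what an endpoint accepts, then computes the highest version shared with what the CDN offers. The CDN offer set of TLS 1.1 and 1.2 is a constructed reading of the summary above, and all function names are hypothetical.

```python
import socket
import ssl
import sys

V = ssl.TLSVersion
CANDIDATES = [V.TLSv1_1, V.TLSv1_2, V.TLSv1_3]


def pinned_context(version):
    """Client context that can negotiate exactly `version` and nothing else."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only protocol support is being probed, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port=443, timeout=5.0):
    """Return {TLSVersion: bool}: did a handshake pinned to that version succeed?"""
    results = {}
    for version in CANDIDATES:
        try:
            ctx = pinned_context(version)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[version] = tls.version() is not None
        except (OSError, ValueError):
            # ssl.SSLError and timeouts are OSError (alert, reset, silent drop);
            # ValueError means the local OpenSSL build lacks this version.
            results[version] = False
    return results


def shared_version(client_offers, server_accepts):
    """Highest version both sides allow, or None when no handshake can succeed."""
    common = set(client_offers) & set(server_accepts)
    return max(common) if common else None


if __name__ == "__main__":
    # Constructed values matching the incident described above (assumption).
    cdn_offers = {V.TLSv1_1, V.TLSv1_2}
    print("LB TLS 1.3 only :", shared_version(cdn_offers, {V.TLSv1_3}))
    print("LB TLS 1.2 + 1.3:", shared_version(cdn_offers, {V.TLSv1_2, V.TLSv1_3}))
    if len(sys.argv) > 1:  # optional live probe of an endpoint you operate
        accepted = {v for v, ok in probe(sys.argv[1]).items() if ok}
        print("endpoint accepts:", sorted(v.name for v in accepted))
        print("shared with CDN :", shared_version(cdn_offers, accepted))
```

Running the probe against the load balancer before and after a TLS policy change shows whether the accepted set still overlaps with what upstream clients offer.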
This is an AI-generated summary. ShortSingh links to the original source for the complete article.