> After using 1.1.1e, see also the commit where an explicit entry has been
> added.
> nginx just reports back what openssl passes, if this was unexpected (none
> critical) nginx needs to be patched, if not this openssl workaround (10880)
> needs to be changed.

Any comment on this from any nginx devs?
Been running 1.1.1c for some time and out of curiosity upgraded to 1.1.1e and indeed there are a lot of "(SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading)".

Is it "safe" to temporary revert the patch to reduce the noise (as per the github thread - the EOF (other than the "data loss") most likely has been there previously just not being returned as error) or are there more deeper problems with openssl/tls 1.3 etc?


Also since there are no plans to implement quic even in openssl 3.0 does it maybe make sense to compile nginx with BoringSSL?

rr



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx