Welcome! Log In Create A New Profile

Advanced

[PATCH] SSL: logging level of client issue during TLSv1.3

Murilo Andrade
August 09, 2022 04:36PM
# HG changeset patch
# User Murilo Andrade <murilo.b.andrade@gmail.com>
# Date 1660076026 10800
# Tue Aug 09 17:13:46 2022 -0300
# Node ID 8b57fd5e8fac9d04cd286e2ad8a18a4030819234
# Parent 069a4813e8d6d7ec662d282a10f5f7062ebd817f
SSL: logging level of client issue during TLSv1.3

Such fatal errors are reported by OpenSSL 1.1.1 during TLSv1.3,
caused by client issue. For example: when the handshake is
concluded, the client send a "change_cipher_spec(20)" followed
by an unknown Content-Type, for example: 26; the OpenSSL library
will fail with SSL_R_BAD_RECORD_TYPE ("bad record type"). This
failure now are logged at the "info" level.

diff -r 069a4813e8d6 -r 8b57fd5e8fac src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Tue Jul 19 17:05:27 2022 +0300
+++ b/src/event/ngx_event_openssl.c Tue Aug 09 17:13:46 2022 -0300
@@ -3423,6 +3423,9 @@
#ifdef SSL_R_VERSION_TOO_LOW
|| n == SSL_R_VERSION_TOO_LOW /* 396 */
#endif
+#ifdef SSL_R_BAD_RECORD_TYPE
+ || n == SSL_R_BAD_RECORD_TYPE /* 443 */
+#endif
|| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
#ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
|| n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */


_______________________________________________
nginx-devel mailing list -- nginx-devel@nginx.org
To unsubscribe send an email to nginx-devel-leave@nginx.org
Subject Author Views Posted

[PATCH] SSL: logging level of client issue during TLSv1.3

Murilo Andrade 336 August 09, 2022 04:36PM

Re: [PATCH] SSL: logging level of client issue during TLSv1.3

Maxim Dounin 52 August 09, 2022 08:32PM

Re: [PATCH] SSL: logging level of client issue during TLSv1.3

Murilo Andrade 85 August 10, 2022 06:16PM

Re: [PATCH] SSL: logging level of client issue during TLSv1.3

Maxim Dounin 53 August 29, 2022 07:08PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 124
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready