Welcome! Log In Create A New Profile

[nginx] SSL: logging levels of errors observed with tlsfuzzer and LibreSSL.

Forum List Message List New Topic Print View

Roman Arutyunyan

March 13, 2023 09:00AM

details: https://hg.nginx.org/nginx/rev/64db9e50f6c5
branches:
changeset: 8145:64db9e50f6c5
user: Maxim Dounin <mdounin@mdounin.ru>
date: Wed Mar 08 22:22:34 2023 +0300
description:
SSL: logging levels of errors observed with tlsfuzzer and LibreSSL.

As tested with tlsfuzzer with LibreSSL 3.7.0, the following errors are
certainly client-related:

SSL_do_handshake() failed (SSL: error:14026073:SSL routines:ACCEPT_SR_CLNT_HELLO:bad packet length)
SSL_do_handshake() failed (SSL: error:1402612C:SSL routines:ACCEPT_SR_CLNT_HELLO:ssl3 session id too long)
SSL_do_handshake() failed (SSL: error:140380EA:SSL routines:ACCEPT_SR_KEY_EXCH:tls rsa encrypted value length is wrong)

Accordingly, the SSL_R_BAD_PACKET_LENGTH ("bad packet length"),
SSL_R_SSL3_SESSION_ID_TOO_LONG ("ssl3 session id too long"),
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG ("tls rsa encrypted value
length is wrong") errors are now logged at the "info" level.

diffstat:

src/event/ngx_event_openssl.c | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)

diffs (31 lines):

diff -r 6bee5e692579 -r 64db9e50f6c5 src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c Wed Mar 08 22:21:59 2023 +0300
+++ b/src/event/ngx_event_openssl.c Wed Mar 08 22:22:34 2023 +0300
@@ -3406,6 +3406,7 @@ ngx_ssl_connection_error(ngx_connection_
#ifdef SSL_R_MISSING_SIGALGS_EXTENSION
|| n == SSL_R_MISSING_SIGALGS_EXTENSION /* 112 */
#endif
+ || n == SSL_R_BAD_PACKET_LENGTH /* 115 */
#ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM
|| n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */
#endif
@@ -3453,6 +3454,9 @@ ngx_ssl_connection_error(ngx_connection_
#ifdef SSL_R_CALLBACK_FAILED
|| n == SSL_R_CALLBACK_FAILED /* 234 */
#endif
+#ifdef SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG
+ || n == SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG /* 234 */
+#endif
#ifdef SSL_R_NO_APPLICATION_PROTOCOL
|| n == SSL_R_NO_APPLICATION_PROTOCOL /* 235 */
#endif
@@ -3485,6 +3489,9 @@ ngx_ssl_connection_error(ngx_connection_
#ifdef SSL_R_RECORD_TOO_SMALL
|| n == SSL_R_RECORD_TOO_SMALL /* 298 */
#endif
+#ifdef SSL_R_SSL3_SESSION_ID_TOO_LONG
+ || n == SSL_R_SSL3_SESSION_ID_TOO_LONG /* 300 */
+#endif
#ifdef SSL_R_BAD_ECPOINT
|| n == SSL_R_BAD_ECPOINT /* 306 */
#endif
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[nginx] SSL: logging levels of errors observed with tlsfuzzer and LibreSSL.	Roman Arutyunyan	470	March 13, 2023 09:00AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 299

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018