[nginx] SSL: logging levels of errors observed with BoringSSL.
Maxim Dounin
mdounin at mdounin.ru
Thu Apr 30 04:32:25 UTC 2026
details: http://freenginx.org/hg/nginx/rev/f347a195b373
branches:
changeset: 9508:f347a195b373
user: Maxim Dounin <mdounin at mdounin.ru>
date: Thu Apr 30 07:25:52 2026 +0300
description:
SSL: logging levels of errors observed with BoringSSL.
The following client-related errors were observed during tlsfuzzer runs
with BoringSSL:
SSL_do_handshake() failed (SSL: error:100000f3:SSL routines:OPENSSL_internal:WRONG_CURVE)
SSL_do_handshake() failed (SSL: error:10000083:SSL routines:OPENSSL_internal:CLIENTHELLO_PARSE_FAILED)
Accordingly, the SSL_R_WRONG_CURVE and SSL_R_CLIENTHELLO_PARSE_FAILED
errors are now logged at the "info" level.
diffstat:
src/event/ngx_event_openssl.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)
diffs (23 lines):
diff --git a/src/event/ngx_event_openssl.c b/src/event/ngx_event_openssl.c
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -4090,6 +4090,9 @@ ngx_ssl_connection_error(ngx_connection_
|| n == SSL_R_BAD_KEY_UPDATE /* 122 */
#endif
|| n == SSL_R_BLOCK_CIPHER_PAD_IS_WRONG /* 129 */
+#ifdef SSL_R_CLIENTHELLO_PARSE_FAILED
+ || n == SSL_R_CLIENTHELLO_PARSE_FAILED /* 131 */
+#endif
|| n == SSL_R_CCS_RECEIVED_EARLY /* 133 */
#ifdef SSL_R_DECODE_ERROR
|| n == SSL_R_DECODE_ERROR /* 137 */
@@ -4151,6 +4154,9 @@ ngx_ssl_connection_error(ngx_connection_
#ifdef SSL_R_NO_APPLICATION_PROTOCOL
|| n == SSL_R_NO_APPLICATION_PROTOCOL /* 235 */
#endif
+#ifdef SSL_R_WRONG_CURVE
+ || n == SSL_R_WRONG_CURVE /* 243 */
+#endif
|| n == SSL_R_UNEXPECTED_MESSAGE /* 244 */
|| n == SSL_R_UNEXPECTED_RECORD /* 245 */
|| n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */
More information about the nginx-devel
mailing list