Mercurial > hg > nginx
diff src/event/ngx_event_openssl.c @ 8145:64db9e50f6c5
SSL: logging levels of errors observed with tlsfuzzer and LibreSSL.
As tested with tlsfuzzer with LibreSSL 3.7.0, the following errors are
certainly client-related:
SSL_do_handshake() failed (SSL: error:14026073:SSL routines:ACCEPT_SR_CLNT_HELLO:bad packet length)
SSL_do_handshake() failed (SSL: error:1402612C:SSL routines:ACCEPT_SR_CLNT_HELLO:ssl3 session id too long)
SSL_do_handshake() failed (SSL: error:140380EA:SSL routines:ACCEPT_SR_KEY_EXCH:tls rsa encrypted value length is wrong)
Accordingly, the SSL_R_BAD_PACKET_LENGTH ("bad packet length"),
SSL_R_SSL3_SESSION_ID_TOO_LONG ("ssl3 session id too long"),
SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG ("tls rsa encrypted value
length is wrong") errors are now logged at the "info" level.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 08 Mar 2023 22:22:34 +0300 |
parents | 6bee5e692579 |
children | b7d4bfd132d2 |
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c Wed Mar 08 22:21:59 2023 +0300 +++ b/src/event/ngx_event_openssl.c Wed Mar 08 22:22:34 2023 +0300 @@ -3406,6 +3406,7 @@ #ifdef SSL_R_MISSING_SIGALGS_EXTENSION || n == SSL_R_MISSING_SIGALGS_EXTENSION /* 112 */ #endif + || n == SSL_R_BAD_PACKET_LENGTH /* 115 */ #ifdef SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM || n == SSL_R_NO_SUITABLE_SIGNATURE_ALGORITHM /* 118 */ #endif @@ -3453,6 +3454,9 @@ #ifdef SSL_R_CALLBACK_FAILED || n == SSL_R_CALLBACK_FAILED /* 234 */ #endif +#ifdef SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG + || n == SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG /* 234 */ +#endif #ifdef SSL_R_NO_APPLICATION_PROTOCOL || n == SSL_R_NO_APPLICATION_PROTOCOL /* 235 */ #endif @@ -3485,6 +3489,9 @@ #ifdef SSL_R_RECORD_TOO_SMALL || n == SSL_R_RECORD_TOO_SMALL /* 298 */ #endif +#ifdef SSL_R_SSL3_SESSION_ID_TOO_LONG + || n == SSL_R_SSL3_SESSION_ID_TOO_LONG /* 300 */ +#endif #ifdef SSL_R_BAD_ECPOINT || n == SSL_R_BAD_ECPOINT /* 306 */ #endif