SSL: reject unsupported protocols "negotiated" during handshake

Piotr Sikora piotr at
Wed Apr 3 22:16:14 UTC 2013

Hey Maxim,

> Do we care?  I think it's ok to assume HTTP by default, even if a
> client sent something different from what we've advertised.

I'm not sure about you, but I do. I don't see a point in trying to
process something that is known to fail down the line... Especially,
if it produces noise in the logs.

Right now, forced SPDY/3 request is logged like that:

access.log: - - [03/Apr/2013:14:05:10 -0700]
400 189 "-" "-"

2013/04/03 14:05:10 [info] 54833#0: *4 client sent invalid method
while reading client request line, client:, server: _,
request: "?`80??>*/*accept-encoding"

vs patched:

2013/04/03 14:08:59 [error] 55828#0: *1 client negotiated unsupported
protocol "spdy/3" while SSL handshaking, client:, server:

Best regards,
Piotr Sikora

More information about the nginx-devel mailing list