<html><head><meta http-equiv="Content-Type" content="text/html; charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85);" class="">Hello Maxim!</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85); min-height: 13px;" class=""><br class=""></div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85);" class="">> Are you seeing these errors in practice?</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85);" class="">Yes, it's happening 310 times an hour. We are seeing in log like this:</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85);" class=""> 2022/07/26 13:49:51 [crit] 1316#1316: *147702846 SSL_read() failed =</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85);" class="">(SSL: error:1408F1BB:SSL routines:ssl3_get_record:bad record type) while =</div><div style="margin: 0px; font-stretch: normal; font-size: 11px; line-height: normal; font-family: Menlo; color: rgba(0, 0, 0, 0.85);" class="">waiting for request</div><div class=""><br class=""></div><div><br class=""><blockquote type="cite" class=""><div class="">On 9 Aug 2022, at 17:34, Murilo Andrade <<a href="mailto:murilo.b.andrade@gmail.com" class="">murilo.b.andrade@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class=""># HG changeset patch<br class=""># User Murilo Andrade <<a href="mailto:murilo.b.andrade@gmail.com" class="">murilo.b.andrade@gmail.com</a>><br class=""># Date 1660076026 10800<br class=""># Tue Aug 09 17:13:46 2022 -0300<br class=""># Node ID 8b57fd5e8fac9d04cd286e2ad8a18a4030819234<br class=""># Parent 069a4813e8d6d7ec662d282a10f5f7062ebd817f<br class="">SSL: logging level of client issue during TLSv1.3<br class=""><br class="">Such fatal errors are reported by OpenSSL 1.1.1 during TLSv1.3,<br class="">caused by client issue. For example: when the handshake is<br class="">concluded, the client send a "change_cipher_spec(20)" followed<br class="">by an unknown Content-Type, for example: 26; the OpenSSL library<br class="">will fail with SSL_R_BAD_RECORD_TYPE ("bad record type"). This<br class="">failure now are logged at the "info" level.<br class=""><br class="">diff -r 069a4813e8d6 -r 8b57fd5e8fac src/event/ngx_event_openssl.c<br class="">--- a/src/event/ngx_event_openssl.c<span class="Apple-tab-span" style="white-space:pre"> </span>Tue Jul 19 17:05:27 2022 +0300<br class="">+++ b/src/event/ngx_event_openssl.c<span class="Apple-tab-span" style="white-space:pre"> </span>Tue Aug 09 17:13:46 2022 -0300<br class="">@@ -3423,6 +3423,9 @@<br class="">#ifdef SSL_R_VERSION_TOO_LOW<br class=""> || n == SSL_R_VERSION_TOO_LOW /* 396 */<br class="">#endif<br class="">+#ifdef SSL_R_BAD_RECORD_TYPE<br class="">+ || n == SSL_R_BAD_RECORD_TYPE /* 443 */<br class="">+#endif<br class=""> || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */<br class="">#ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE<br class=""> || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE /* 1010 */<br class=""><br class=""><br class=""></div></div></blockquote></div><br class=""></body></html>