Error log question
Jay Haines
jeh253 at gmail.com
Sun Jul 24 13:50:15 UTC 2022
Thank you!
On 7/23/22 18:15, Maxim Dounin wrote:
> Hello!
>
> On Sat, Jul 23, 2022 at 04:59:35PM -0400, Jay Haines wrote:
>
>> My nginx error log is being filled with errors which I believe are being
>> surfaced from OpenSSL. The log entries number in the hundreds of
>> thousands per day and I understand they are most likely due to
>> conditions beyond my control. Examples of the log entries are:
>>
>> 2022/07/23 16:26:32 [crit] 849483#849483: *8078348 SSL_do_handshake()
>> failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL
>> handshaking, client: 113.211.208.188, server: 0.0.0.0:443
> Quoting nginx 1.23.1 CHANGES (http://nginx.org/en/CHANGES):
>
> *) Change: the logging level of the "bad key share", "bad extension",
> "bad cipher", and "bad ecpoint" SSL errors has been lowered from
> "crit" to "info".
>
> Upgrade to nginx 1.23.1, these errors should go away.
>
>> 2022/07/23 16:26:33 [alert] 849481#849481: *8078448 could not allocate
>> new session in SSL session shared cache "le_nginx_SSL" while SSL
>> handshaking, client: 175.156.80.121, server: 0.0.0.0:443
> This error indicate that nginx wasn't able to allocate new session
> in the SSL session cache defined by the "ssl_session_cache"
> directive, and removing an old session didn't help. This
> basically indicate that the SSL session cache is too small, and it
> would be a good idea to either configure a larger cache or reduce
> ssl_session_timeout. The logging level is probably a bit too
> scary, see https://trac.nginx.org/nginx/ticket/621 for details.
>
>> Is there any way to bypass logging these errors?
> See above, hope this helps.
>
More information about the nginx
mailing list