SSL errors, verbosity level

Frank Liu gfrankliu at gmail.com
Wed Jul 11 00:11:40 UTC 2018


Those unsupported ssl version messages should be in "info" level instead of
"crit", just like other SSL related errors.
Applying below patch should make your error log cleaner:

https://nginx.googlesource.com/nginx/+/6853c9c868504432ffadb8a7ca58ce8e50a83450%5E%21/

On Sat, Jul 7, 2018 at 8:38 AM, shiz <nginx-forum at forum.nginx.org> wrote:

> Hi,
>
> I see those messages in my error logs daily.
>
> ```
> 2018/07/07 08:01:32 [crit] 31935#31935: *342781 SSL_do_handshake() failed
> (SSL: error:14209102:SSL
> routines:tls_early_post_process_client_hello:unsupported protocol) while
> SSL
> handshaking, client: 173.208.91.177, server: 0.0.0.0:443
> 2018/07/07 08:06:24 [crit] 31939#31939: *343099 SSL_do_handshake() failed
> (SSL: error:1420918C:SSL
> routines:tls_early_post_process_client_hello:version too low) while SSL
> handshaking, client: 141.212.122.16, server: 0.0.0.0:443
> ```
>
> Is there a way to increase verbosity, i.e. which protocol is unsupported?
> which version is too low?
>
> Nginx 1.15.1, supporting TLSv1.2, TLSv1.3 draft 23, OpenSSL-1.1.1-pre2
>
> Not sure if it could be done within nginx, maybe OpenSSL source has to be
> edited?
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,280446,280446#msg-280446
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180710/91e737e8/attachment.html>


More information about the nginx mailing list