SSL_write() failed errors

Palvelin Postmaster postmaster at palvelin.fi
Sat Jul 27 16:08:14 UTC 2019 


> On 22 Jul 2019, at 4:54, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> Hello!
> 
> On Fri, Jul 19, 2019 at 11:35:44AM -0700, Palvelin Postmaster via nginx wrote:
> 
>>> On 19 Jul 2019, at 9.59, Maxim Dounin <mdounin at mdounin.ru> wrote:
>>> 
>>> Hello!
>>> 
>>> On Thu, Jul 18, 2019 at 10:03:24AM -0700, Palvelin Postmaster via nginx wrote:
>>> 
>>>> we’re getting random SSL_write() failed errors on seemingly 
>>>> legitimate requests. The common denominator seems to be they are 
>>>> all for static files (images, js, etc.). 
>>>> 
>>>> Can anyone help me debug the issue?
>>>> 
>>>> Here’s a debug log paste for one incident: 
>>>> https://pastebin.com/ZsbLuD5N
>>>> 
>>>> Our architecture is: Amazon ALB > Nginx 1.14 > PHP-FPM 7.3
>>> 
>>> The following debug log:
>>> 
>>> 2019/07/18 19:27:25 [debug] 1840#1840: *2037 SSL_write: -1
>>> 2019/07/18 19:27:25 [debug] 1840#1840: *2037 SSL_get_error: 6
>>> 2019/07/18 19:27:25 [crit] 1840#1840: *2037 SSL_write() failed (SSL:) while sending response to client...
>>> 
>>> suggests that this is due to error 6, that is, 
>>> SSL_ERROR_ZERO_RETURN.  This looks strange, as we haven't seen 
>>> this error being returned from SSL_write(), but might be 
>>> legitimate.  In theory this can happen if nginx got a close notify 
>>> SSL alert while writing a response, and probably have something to 
>>> do with Amazon ALB before nginx.
>>> 
>>> Just in case, could you please provide details about OpenSSL 
>>> library you are using ("nginx -V" should contain enough details)?
>> 
>> Certainly:
>> 
>> nginx version: nginx/1.14.0 (Ubuntu)
>> built with OpenSSL 1.1.0g  2 Nov 2017 (running with OpenSSL 1.1.1c  28 May 2019)
> 
> You are using Ubuntu 18.04 package, correct?
> 
> Could you please update to the latest package (1.14.0-0ubuntu1.3, 
> exactly the same nginx version rebuild against OpenSSL 1.1.1c) and 
> report if it fixes the errors in question or not?

Yes, using the Ubuntu 18.04 package.

I upgraded the package to latest and have been following up the error log for a few days. I’m still getting one or two errors a day but the frequency is now small enough to become uninteresting. :)


--
Palvelin.fi Hostmaster
postmaster at palvelin.fi

More information about the nginx mailing list