openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Reinis Rozitis r at roze.lv
Thu Mar 19 21:52:44 UTC 2020


> After using 1.1.1e, see also the commit where an explicit entry has been
> added.
> nginx just reports back what openssl passes, if this was unexpected
> (non-critical) nginx needs to be patched, if not, this openssl workaround
> (10880) needs to be changed.

Any comment on this from any nginx devs?
Been running 1.1.1c for some time and out of curiosity upgraded to 1.1.1e and indeed there are a lot of "(SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading)".

Is it "safe" to temporarily revert the patch to reduce the noise (as per the github thread - the EOF (other than the "data loss") most likely has been there previously, just not being returned as an error) or are there deeper problems with openssl/tls 1.3 etc?


Also, since there are no plans to implement QUIC even in openssl 3.0, does it maybe make sense to compile nginx with BoringSSL?

rr




