openssl 1.1.1e 14095126:SSL routines:ssl3_read_n

Maxim Dounin mdounin at mdounin.ru
Fri Mar 20 22:12:26 UTC 2020


Hello!

On Fri, Mar 20, 2020 at 09:54:08AM -0400, itpp2012 wrote:

> Maxim Dounin Wrote:
> -------------------------------------------------------
> > On Fri, Mar 20, 2020 at 10:41:32AM +0300, Sergey Kandaurov wrote:
> > > > On 18 Mar 2020, at 14:17, itpp2012 <nginx-forum at forum.nginx.org>
> wrote:
> > > > Question: does this need to resolved in openssl or nginx ?
> 
> > > So, they deliberately changed existing behaviour, known since
> > > at least OpenSSL 0.9.7, in the stable branch which should not
> > > be targeted (per their words) for introducing behaviour changes.
> > > That is unfortunate and beyond explanation.
> 
> > I think a separate condition in an #ifdef might be preferred here, 
> > probably with better debug logging as well.
> 
> I'd prefer an openssl fix but can we now assume nginx prefers a nginx fix ?

Well, reverting OpenSSL behaviour back to one existed for years 
would be awesome.  Unfortunately, this might never happen, as 
OpenSSL's team usually don't care.

Also, even if this will happen, there will be at least some 
versions of OpenSSL when things behave incorrectly.

As such, we certainly have to consider how to fix it on nginx 
side.  Whether or not we'll commit the fix is a different 
question.

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx mailing list