Error log question
Maxim Dounin
mdounin at mdounin.ru
Sat Jul 23 22:15:50 UTC 2022
Hello!

On Sat, Jul 23, 2022 at 04:59:35PM -0400, Jay Haines wrote:

> My nginx error log is being filled with errors which I believe are being
> surfaced from OpenSSL. The log entries number in the hundreds of
> thousands per day and I understand they are most likely due to
> conditions beyond my control. Examples of the log entries are:
>
> 2022/07/23 16:26:32 [crit] 849483#849483: *8078348 SSL_do_handshake()
> failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL
> handshaking, client: 113.211.208.188, server: 0.0.0.0:443

Quoting nginx 1.23.1 CHANGES (http://nginx.org/en/CHANGES):

    *) Change: the logging level of the "bad key share", "bad extension",
       "bad cipher", and "bad ecpoint" SSL errors has been lowered from
       "crit" to "info".

Upgrade to nginx 1.23.1, these errors should go away.

> 2022/07/23 16:26:33 [alert] 849481#849481: *8078448 could not allocate
> new session in SSL session shared cache "le_nginx_SSL" while SSL
> handshaking, client: 175.156.80.121, server: 0.0.0.0:443

This error indicates that nginx wasn't able to allocate new session
in the SSL session cache defined by the "ssl_session_cache"
directive, and removing an old session didn't help. This
basically indicates that the SSL session cache is too small, and it
would be a good idea to either configure a larger cache or reduce
ssl_session_timeout. The logging level is probably a bit too
scary, see https://trac.nginx.org/nginx/ticket/621 for details.

> Is there any way to bypass logging these errors?

See above, hope this helps.

--
Maxim Dounin
http://mdounin.ru/
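
Added example (not part of the original message and not nginx project code): a Python sketch that tallies the two kinds of entries quoted in the thread by log level, so the effect of the upgrade or of a cache change can be checked, and estimates a shared cache size from the nginx documentation's figure of about 4000 sessions per megabyte. The sample log lines, session rate and timeout values are constructed assumptions.

```python
import math
import re
from collections import Counter

# Constructed sample lines in the format of the entries quoted in the thread
# (client addresses are documentation-range placeholders).
SAMPLE_LOG = """\
2022/07/23 16:26:32 [crit] 849483#849483: *1 SSL_do_handshake() failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2022/07/23 16:26:33 [alert] 849481#849481: *2 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: 198.51.100.7, server: 0.0.0.0:443
2022/07/23 16:26:34 [alert] 849481#849481: *3 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: 203.0.113.5, server: 0.0.0.0:443
2022/07/23 16:26:35 [info] 849483#849483: *4 SSL_do_handshake() failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL handshaking, client: 192.0.2.11, server: 0.0.0.0:443
"""

LINE_RE = re.compile(r'^\S+ \S+ \[(?P<level>\w+)\] \d+#\d+: (?:\*\d+ )?(?P<msg>.*)$')
CACHE_RE = re.compile(r'could not allocate new session in SSL session shared cache "([^"]+)"')
SSL_RE = re.compile(r'SSL_do_handshake\(\) failed \(SSL: ([^)]*)\)')

def summarize(log_text):
    """Count entries per (level, kind, detail).

    kind is 'cache_full' (detail = cache zone name) or
    'handshake' (detail = OpenSSL reason string, the last ':' field).
    """
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        cache = CACHE_RE.search(m["msg"])
        ssl = SSL_RE.search(m["msg"])
        if cache:
            counts[(m["level"], "cache_full", cache.group(1))] += 1
        elif ssl:
            counts[(m["level"], "handshake", ssl.group(1).rsplit(":", 1)[-1])] += 1
    return counts

def cache_size_mb(new_sessions_per_sec, timeout_sec, sessions_per_mb=4000):
    """Megabytes needed to hold every session created within one timeout window.

    sessions_per_mb is the approximate figure from the ssl_session_cache docs;
    the rate and timeout passed in are the operator's own measurements.
    """
    return math.ceil(new_sessions_per_sec * timeout_sec / sessions_per_mb)

if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(n, *key)
    print(cache_size_mb(50, 300), "MB at 50 sessions/s, 5 minute timeout")
```

The same session rate with a one-day timeout needs a far larger zone, which is why reducing ssl_session_timeout is offered alongside enlarging the cache.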