Opened 4 years ago

Closed 4 years ago

Last modified 3 years ago

#662 closed enhancement (fixed)

Handle SSL_R_INAPPROPRIATE_FALLBACK like the other handshake failures

Reported by: www.google.com/accounts/o8/id?id=AItOawli6-X80LgK_g9ayueWK50BjebQ-qrvXFU Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.7.x
Keywords: ssl Cc:
uname -a: Linux london-1.atomx.com 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.7.7 built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx.log --http-log-path=/var/log/nginx-access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --user=www-data --group=www-data --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --without-http_autoindex_module --without-http_ssi_module --without-http_userid_module --without-http_scgi_module --without-http_auth_basic_module --without-http_geo_module --without-http_map_module --without-http_split_clients_module --without-http_referer_module --without-http_memcached_module --without-http_limit_conn_module --without-http_limit_req_module --without-http_empty_gif_module --with-file-aio --with-cc-opt='-g -O2 -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,--as-needed' --with-ipv6 --add-module=../nginx-http-auth-digest

Description

Handle the new SSL_R_INAPPROPRIATE_FALLBACK like the other handshake failures.

Handshare failures usually get logged as NGX_LOG_INFO which I normally ignore. Now my whole error log is full of "SSL: error:140A1175:SSL routines:SSL_BYTES_TO_CIPHER_LIST:inappropriate fallback" which is SSL_R_INAPPROPRIATE_FALLBACK.

Attachments (1)

ngx_event_openssl.c.diff (780 bytes) - added by www.google.com/accounts/o8/id?id=AItOawli6-X80LgK_g9ayueWK50BjebQ-qrvXFU 4 years ago.

Download all attachments as: .zip

Change History (4)

Changed 4 years ago by www.google.com/accounts/o8/id?id=AItOawli6-X80LgK_g9ayueWK50BjebQ-qrvXFU

comment:1 Changed 4 years ago by Maxim Dounin <mdounin@…>

In b7a37f6a25eaf68efaa16dbc61ae925745b479a3/nginx:

SSL: logging level of "inappropriate fallback" (ticket #662).

Patch by Erik Dubbelboer.

comment:2 Changed 4 years ago by mdounin

  • Resolution set to fixed
  • Status changed from new to closed

Committed, thanks.

comment:3 Changed 3 years ago by Maxim Dounin <mdounin@…>

In 1d6eb39d05c97dc0ab95287569d6daf50829c11e/nginx:

SSL: logging level of "inappropriate fallback" (ticket #662).

Patch by Erik Dubbelboer.

Note: See TracTickets for help on using tickets.