changeset 8063:9cf231508a8d

SSL: logging level of "bad record type" errors. The SSL_R_BAD_RECORD_TYPE ("bad record type") errors are reported by OpenSSL 1.1.1 or newer when using TLSv1.3 if the client sends a record with unknown or unexpected type. These errors are now logged at the "info" level.
author Murilo Andrade <murilo.b.andrade@gmail.com>
date Tue, 09 Aug 2022 17:13:46 -0300
parents 6e818b00ee32
children 5f5a34e83ca2
files src/event/ngx_event_openssl.c
diffstat 1 files changed, 3 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/event/ngx_event_openssl.c
+++ b/src/event/ngx_event_openssl.c
@@ -3423,6 +3423,9 @@ ngx_ssl_connection_error(ngx_connection_
 #ifdef SSL_R_VERSION_TOO_LOW
             || n == SSL_R_VERSION_TOO_LOW                            /*  396 */
 #endif
+#ifdef SSL_R_BAD_RECORD_TYPE
+            || n == SSL_R_BAD_RECORD_TYPE                            /*  443 */
+#endif
             || n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
 #ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
             || n == SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE             /* 1010 */