mirror of
https://github.com/nginx/nginx.git
synced 2024-12-23 07:33:29 -06:00
SSL: logging levels of "unsupported protocol", "version too low".
Starting with OpenSSL 1.1.0, SSL_R_UNSUPPORTED_PROTOCOL instead of SSL_R_UNKNOWN_PROTOCOL is reported when a protocol is disabled via an SSL_OP_NO_* option. Additionally, SSL_R_VERSION_TOO_LOW is reported when using MinProtocol or when seclevel checks (as set by @SECLEVEL=n in the cipher string) rejects a protocol, and this is what happens with SSLv3 and @SECLEVEL=1, which is the default. There is also the SSL_R_VERSION_TOO_HIGH error code, but it looks like it is not possible to trigger it.
This commit is contained in:
parent
85b44b46fb
commit
b1734fd800
@ -2079,6 +2079,7 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
||||
|| n == SSL_R_UNEXPECTED_RECORD /* 245 */
|
||||
|| n == SSL_R_UNKNOWN_ALERT_TYPE /* 246 */
|
||||
|| n == SSL_R_UNKNOWN_PROTOCOL /* 252 */
|
||||
|| n == SSL_R_UNSUPPORTED_PROTOCOL /* 258 */
|
||||
|| n == SSL_R_WRONG_VERSION_NUMBER /* 267 */
|
||||
|| n == SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC /* 281 */
|
||||
#ifdef SSL_R_RENEGOTIATE_EXT_TOO_LONG
|
||||
@ -2094,6 +2095,9 @@ ngx_ssl_connection_error(ngx_connection_t *c, int sslerr, ngx_err_t err,
|
||||
#endif
|
||||
#ifdef SSL_R_INAPPROPRIATE_FALLBACK
|
||||
|| n == SSL_R_INAPPROPRIATE_FALLBACK /* 373 */
|
||||
#endif
|
||||
#ifdef SSL_R_VERSION_TOO_LOW
|
||||
|| n == SSL_R_VERSION_TOO_LOW /* 396 */
|
||||
#endif
|
||||
|| n == 1000 /* SSL_R_SSLV3_ALERT_CLOSE_NOTIFY */
|
||||
#ifdef SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE
|
||||
|
Loading…
Reference in New Issue
Block a user