Page MenuHomePhabricator

nginx SSL_do_handshake spam filling disks
Closed, ResolvedPublic


Since the recent upgrade of nginx+openssl on the cache terminators, we're getting a ton of unified.error.log spam looking like:

2016/10/22 17:08:45 [crit] 13136#13136: *524652494 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: N.N.N.N, server:

We believe these are from SSLv3 connection attempts, which weren't so noisy previously. They're happening at sufficient rate on some hosts (dependent on sh mapping of client IPs and such) at a rate that's filling up disks with the log spam.

  • Verify these are really from SSLv3 attempts and not something we should care more about
  • Find a way to silence them (will probably end up being an nginx patch).

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

Change 318904 had a related patch set uploaded (by BBlack):
non-crit for client handshake SSL_R_VERSION_TOO_LOW

Change 318904 merged by BBlack:
non-crit for client handshake SSL_R_VERSION_TOO_LOW

BBlack claimed this task.

wmf13 nginx package fixes this