nginx SSL_do_handshake spam filling disks
Closed, Resolved · Public

Description

Since the recent upgrade of nginx+openssl on the cache terminators, we're getting a ton of unified.error.log spam looking like:

2016/10/22 17:08:45 [crit] 13136#13136: *524652494 SSL_do_handshake() failed (SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low) while SSL handshaking, client: N.N.N.N, server: 0.0.0.0:443

We believe these are from SSLv3 connection attempts, which weren't so noisy previously. They're happening on some hosts (dependent on sh mapping of client IPs and such) at a rate that's filling up disks with the log spam.

  • Verify these are really from SSLv3 attempts and not something we should care more about
  • Find a way to silence them (will probably end up being an nginx patch).
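
One way to measure how much of an error log these handshake failures account for, and which severity, reason and client they come from. This is an added example, not part of the original task or of the nginx patch. The pattern is derived from the single log line quoted above; the sample lines, `LINE_RE` and `summarize` are constructed or hypothetical.

```python
import re
from collections import Counter

# Shape of the nginx error-log line quoted in the task description.
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[(?P<level>\w+)\] "
    r"\d+#\d+: \*\d+ SSL_do_handshake\(\) failed "
    r"\(SSL: error:(?P<code>[0-9A-Fa-f]+):[^:]*:(?P<func>[^:]*):(?P<reason>[^)]*)\)"
    r".*?client: (?P<client>[^,\s]+)"
)

def summarize(lines):
    """Tally SSL_do_handshake() failures by (level, reason) and by client,
    and report what fraction of the log's bytes those lines occupy."""
    by_reason, by_client = Counter(), Counter()
    handshake_bytes = total_bytes = 0
    for line in lines:
        line = line.rstrip("\n")
        size = len(line.encode("utf-8")) + 1  # +1 for the newline on disk
        total_bytes += size
        m = LINE_RE.match(line)
        if not m:
            continue  # not a handshake failure; counts toward total only
        handshake_bytes += size
        by_reason[(m["level"], m["reason"])] += 1
        by_client[m["client"]] += 1
    share = handshake_bytes / total_bytes if total_bytes else 0.0
    return {"by_reason": by_reason, "by_client": by_client, "byte_share": share}

# Constructed sample lines (documentation IP ranges), not real log data.
_P = "2016/10/22 17:08:4%d [%s] 13136#13136: *52465249%d "
_H = ("SSL_do_handshake() failed (SSL: error:%s:SSL routines:%s) "
      "while SSL handshaking, client: %s, server: 0.0.0.0:443")
_LOW = ("1417D18C", "tls_process_client_hello:version too low")
SAMPLE = [
    _P % (5, "crit", 4) + _H % (_LOW[0], _LOW[1], "192.0.2.10"),
    _P % (5, "crit", 5) + _H % (_LOW[0], _LOW[1], "192.0.2.10"),
    _P % (6, "crit", 6) + _H % (_LOW[0], _LOW[1], "198.51.100.7"),
    _P % (6, "info", 7) + _H % ("1408F10B", "ssl3_get_record:wrong version number",
                                "203.0.113.5"),
    _P % (7, "error", 8) + "upstream timed out (110: Connection timed out) "
    "while reading response header from upstream, client: 192.0.2.44, server: example",
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for (level, reason), n in result["by_reason"].most_common():
        print(f"{n:6d}  [{level}] {reason}")
    print(f"handshake failures: {result['byte_share']:.0%} of log bytes")
```

Run against a real `unified.error.log` by passing the open file object to `summarize`; the log line itself does not record the protocol version the client offered, so this quantifies the spam rather than confirming its cause.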

Event Timeline

Change 318904 had a related patch set uploaded (by BBlack):
non-crit for client handshake SSL_R_VERSION_TOO_LOW

https://gerrit.wikimedia.org/r/318904

Change 318904 merged by BBlack:
non-crit for client handshake SSL_R_VERSION_TOO_LOW

https://gerrit.wikimedia.org/r/318904

BBlack claimed this task.

wmf13 nginx package fixes this