I know. 

> On 27 Mar 2020, at 20:18, William A Rowe Jr <wr...@rowe-clan.net> wrote:
> 
> 
> If you want to beat up your server in unusual ways, a good way to do this is to
> run it against https://www.ssllabs.com/ssltest/ from Qualys with debug logging
> level throughout. I think you'll find we already sanitize all error results.
> 
> 
> 
>>  On Fri, Mar 27, 2020 at 1:24 PM Steffen <i...@apachelounge.com> wrote:
>> 
>> A discussion started on Apachelounge about a possible issue with OpenSSL 
>> 1.1.1e ( https://www.apachelounge.com/viewtopic.php?p=38941#38941 )
>> 
>> This is the introduced new EOF in 1.1.1e : 
>> https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a
>>  
>> 
>> Discussion on OpenSSL is at https://github.com/openssl/openssl/issues/11378 
>> 
>> I don't understand what is going on, but Daniel Stenberg (Curl) states: The 
>> "poorly-implemented HTTP/1.1 servers" are still out there and are being 
>> used. How common? Impossible to say.
>> 
>> 
>> OpenSSL has a Patch with description :
>>  ... possible application breakage caused by a change in behavior introduced 
>> in 1.1.1e.  It affects at least nginx, which logs error messages such as:
>> nginx[16652]: [crit] 16675#0: *358 SSL_read() failed (SSL: error:
>> 4095126:SSL routines:ssl3_read_n:unexpected eof while reading) while 
>> keepalive, client: xxxx, server: [::]:443
>> 
>> So it looks like nginx is affected.
>> 
>> My question is :
>> Is Apache affected? It looks like not, because until now: Apachelounge has had 
>> 2.4.41 with 1.1.1e available for more than a week, which has been downloaded over 50.000 
>> times, and no issues like this have been reported.
>> 
>> Steffen
