Thank you!
On 7/23/22 18:15, Maxim Dounin wrote:
Hello!
On Sat, Jul 23, 2022 at 04:59:35PM -0400, Jay Haines wrote:
My nginx error log is being filled with errors which I believe are being
surfaced from OpenSSL. The log entries number in the hundreds of
thousands per day and I understand they are most likely due to
conditions beyond my control. Examples of the log entries are:
2022/07/23 16:26:32 [crit] 849483#849483: *8078348 SSL_do_handshake()
failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL
handshaking, client: 113.211.208.188, server: 0.0.0.0:443
Quoting nginx 1.23.1 CHANGES (http://nginx.org/en/CHANGES):
*) Change: the logging level of the "bad key share", "bad extension",
"bad cipher", and "bad ecpoint" SSL errors has been lowered from
"crit" to "info".
Upgrade to nginx 1.23.1, these errors should go away.
2022/07/23 16:26:33 [alert] 849481#849481: *8078448 could not allocate
new session in SSL session shared cache "le_nginx_SSL" while SSL
handshaking, client: 175.156.80.121, server: 0.0.0.0:443
This error indicate that nginx wasn't able to allocate new session
in the SSL session cache defined by the "ssl_session_cache"
directive, and removing an old session didn't help. This
basically indicate that the SSL session cache is too small, and it
would be a good idea to either configure a larger cache or reduce
ssl_session_timeout. The logging level is probably a bit too
scary, see https://trac.nginx.org/nginx/ticket/621 for details.
Is there any way to bypass logging these errors?
See above, hope this helps.
_______________________________________________
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org
