On 30.08.23 at 13:50, Stefan Eissing via dev wrote:


On 30.08.2023 at 13:21, Rainer Jung <rainer.j...@kippdata.de> wrote:

Hi there,

OpenSSL 3 flags some abortive shutdowns as an error different to what 1.1.1 
did. This results in info log output in httpd:

[Tue Aug 29 12:33:06.787210 2023] [ssl:info] [pid 1994673:tid 1994737] SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading
[Tue Aug 29 12:33:06.787374 2023] [ssl:info] [pid 1994673:tid 1994737] [client 1.2.3.4:54790] AH01998: Connection closed to child 215 with abortive shutdown (server myserver:443)

Some background is given in

  https://github.com/openssl/openssl/issues/18866

They introduced a new context option "SSL_OP_IGNORE_UNEXPECTED_EOF" to suppress 
this. Some other software now sets it with SSL_CTX_set_options():

- nginx

https://github.com/nginx/nginx/commit/5155845ce4453a07d60e2ce43946c9181bc311fa

- PHP

https://github.com/php/php-src/pull/8558/commits/55be0f489e390d28892a07c32d45a404c62fc9f2

I suggest adopting it, i.e. setting it if the option is available.

WDYT?

+1 to setting this for our users' sake. I withhold my opinion about this stupid 
OpenSSL change...oops.

Thanks for your feedback. I committed it to trunk in r1912015 and can revert if someone thinks it's premature. Will propose for backport probably tomorrow.

Best regards,

Rainer
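
An added example, not part of the thread and not httpd code: a small log triage script that pairs each AH01998 entry with the "SSL Library Error" logged just before it on the same pid/tid, to show how much of the abortive-shutdown noise comes from the OpenSSL 3 unexpected-EOF error. The function name, the category names and the pairing-by-pid/tid heuristic are assumptions based on the two log lines quoted above; the sample input is constructed.

```python
import re
from collections import Counter

# httpd error-log prefix as in the thread: [time] [module:level] [pid N:tid N] msg
LINE_RE = re.compile(r"^\[[^\]]+\] \[\w+:\w+\] "
                     r"\[pid (?P<pid>\d+):tid (?P<tid>\d+)\] (?P<msg>.*)$")
ABORTIVE_RE = re.compile(r"\[client (?P<client>[^\]]+)\] AH01998: ")
EOF_ERR = "error:0A000126:"  # OpenSSL 3 "unexpected eof while reading"

def classify_abortive_shutdowns(lines):
    """Pair each AH01998 entry with the SSL Library Error logged just before
    it on the same pid/tid; count unexpected-EOF causes versus others."""
    pending = {}        # (pid, tid) -> most recent SSL Library Error text
    counts, eof_clients = Counter(), []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key, msg = (m["pid"], m["tid"]), m["msg"]
        if msg.startswith("SSL Library Error: "):
            pending[key] = msg
            continue
        hit = ABORTIVE_RE.match(msg)
        cause = pending.pop(key, None)   # any other entry ends the pairing
        if not hit:
            continue
        if cause is None:
            counts["no_library_error"] += 1
        elif EOF_ERR in cause:
            counts["unexpected_eof"] += 1
            eof_clients.append(hit["client"])
        else:
            counts["other_library_error"] += 1
    return counts, eof_clients

# Constructed sample: the first two entries mirror the thread's log output,
# the remaining three are made up to exercise the other branches.
P = "[Tue Aug 29 12:33:0{} 2023] [ssl:info] [pid 1994673:tid {}] "
SAMPLE = [
    P.format("6.787210", 1994737) + "SSL Library Error: error:0A000126:SSL routines::unexpected eof while reading",
    P.format("6.787374", 1994737) + "[client 1.2.3.4:54790] AH01998: Connection closed to child 215 with abortive shutdown (server myserver:443)",
    P.format("7.100000", 1994738) + "SSL Library Error: error:0A000418:SSL routines::tlsv1 alert unknown ca",
    P.format("7.100200", 1994738) + "[client 1.2.3.5:40000] AH01998: Connection closed to child 216 with abortive shutdown (server myserver:443)",
    P.format("8.000000", 1994739) + "[client 1.2.3.6:40001] AH01998: Connection closed to child 217 with abortive shutdown (server myserver:443)",
]

if __name__ == "__main__":
    counts, clients = classify_abortive_shutdowns(SAMPLE)
    print(dict(counts), clients)
```

Running it over a log from before and after the option is set shows whether the `unexpected_eof` bucket disappears while the other buckets stay visible.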
