On Wed, Aug 30, 2023 at 01:21:11PM +0200, Rainer Jung wrote: > Hi there, > > OpenSSL 3 flags some abortive shutdowns as an error different to what 1.1.1 > did. This results in info log output in httpd: > > [Tue Aug 29 12:33:06.787210 2023] [ssl:info] [pid 1994673:tid 1994737] SSL > Library Error: error:0A000126:SSL routines::unexpected eof while reading > [Tue Aug 29 12:33:06.787374 2023] [ssl:info] [pid 1994673:tid 1994737] > [client 1.2.3.4:54790] AH01998: Connection closed to child 215 with abortive > shutdown (server myserver:443) > > Some background is given in > > https://github.com/openssl/openssl/issues/18866 > > They introduced a new context option "SSL_OP_IGNORE_UNEXPECTED_EOF" to > suppress this. Some other software now sets it with SSL_CTX_set_options():
Interesting! Just wondering, is there a reason why we'd only want to enable this for server-side operation (mctx->pkp == NULL) not also for client-side/proxy operation? Seems like it might be better to enable it unconditionally. Regards, Joe
