[
https://issues.apache.org/jira/browse/TS-1946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14226897#comment-14226897
]
Scott Beardsley commented on TS-1946:
-------------------------------------
We have run into a TLS handshake problem which is now hidden by this change. It
is hidden because we don't run production services in debug mode so we have no
knowledge that the problem even exists. If the SSL errors were in error.log we
could have caught this problem. Is there a way we can log TLS errors without
putting the TS in debug mode? I am told that debug mode incurs an extra cost
associated with the tag pattern matching so we don't want that turned on in
production. Any recommendations here?
> Verbose SSL ERROR in diags.out
> ------------------------------
>
> Key: TS-1946
> URL: https://issues.apache.org/jira/browse/TS-1946
> Project: Traffic Server
> Issue Type: Bug
> Components: Logging, SSL
> Reporter: Leif Hedstrom
> Assignee: James Peach
> Labels: A
> Fix For: 3.3.5
>
>
> I'm seeing quite a few errors like below in diags.log (this site uses a self
> signed cert, not signed by a trusted CA):
> {code}
> [Jun 1 08:32:02.771] Server {0x420f4b90} ERROR: SSL_ServerHandShake
> [Jun 1 08:32:02.771] Server {0x420f4b90} ERROR: SSL::4:error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol:s23_
> srvr.c:628:
> {code}
> I don't know (yet) what or why this error is generated, but I think we should
> either fix this, or move the error to error.log (which does get rotated
> properly). The main problem with putting this out on stderr/stdout and
> directed to diags.log is that diags.log never gets rotated.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
