Hello! On Mon, Jan 21, 2019 at 11:59:25PM +0300, Алексей wrote:
> I use nginx 1.13.6 as server for mutual tls auth with clients certs Note that 1.13.6 is a mainline version which is not supported since release of 1.13.7 at 21 Nov 2017. You may want to upgrade to a more recent version, e.g., latest mainline is 1.15.8. > During ab test I get errors ssl read failed(5) closing connection Error 5 is SSL_ERROR_SYSCALL suggests that futher information is available in errno, and ab does not try to test/log errno. You may want to use strace / ktrace / truss to find out which error actually happened. > In nginx log (debug mode) I get > > 2019/01/21 23:50:01 [debug] 26#26: *27497 http check ssl handshake > 2019/01/21 23:50:01 [debug] 26#26: *27497 http recv(): 1 > 2019/01/21 23:50:01 [debug] 26#26: *27497 https ssl handshake: 0x16 > 2019/01/21 23:50:01 [debug] 26#26: *27497 tcp_nodelay > 2019/01/21 23:50:01 [debug] 26#26: *27497 SSL server name: "meteotravel.ru" > 2019/01/21 23:50:01 [debug] 26#26: *27497 SSL_do_handshake: -1 > 2019/01/21 23:50:01 [debug] 26#26: *27497 SSL_get_error: 2 > 2019/01/21 23:50:01 [debug] 26#26: *27497 reusable connection: 0 > 2019/01/21 23:50:02 [debug] 26#26: *27497 SSL handshake handler: 0 > 2019/01/21 23:50:02 [debug] 26#26: *27497 SSL_do_handshake: -1 > 2019/01/21 23:50:02 [debug] 26#26: *27497 SSL_get_error: 5 > 2019/01/21 23:50:02 [info] 26#26: *27497 peer closed connection in SSL > handshake while SSL handshaking, client: 10.244.5.0, server: 0.0.0.0:443 From nginx point of view, the connection was closed by the client. The error as returned by OpenSSL is SSL_ERROR_SYSCALL, and errno is 0 so it is not logged. This indicate a clean TCP-level connection close by the other side. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
