Hello!

On Sat, Jul 23, 2022 at 04:59:35PM -0400, Jay Haines wrote:

> My nginx error log is being filled with errors which I believe are being
> surfaced from OpenSSL. The log entries number in the hundreds of
> thousands per day and I understand they are most likely due to
> conditions beyond my control. Examples of the log entries are:
>
> 2022/07/23 16:26:32 [crit] 849483#849483: *8078348 SSL_do_handshake()
> failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL
> handshaking, client: 113.211.208.188, server: 0.0.0.0:443

Quoting nginx 1.23.1 CHANGES (http://nginx.org/en/CHANGES):

    *) Change: the logging level of the "bad key share", "bad
       extension", "bad cipher", and "bad ecpoint" SSL errors has been
       lowered from "crit" to "info".

Upgrade to nginx 1.23.1, these errors should go away.

> 2022/07/23 16:26:33 [alert] 849481#849481: *8078448 could not allocate
> new session in SSL session shared cache "le_nginx_SSL" while SSL
> handshaking, client: 175.156.80.121, server: 0.0.0.0:443

This error indicates that nginx wasn't able to allocate new session in
the SSL session cache defined by the "ssl_session_cache" directive, and
removing an old session didn't help. This basically indicates that the
SSL session cache is too small, and it would be a good idea to either
configure a larger cache or reduce ssl_session_timeout.

The logging level is probably a bit too scary, see
https://trac.nginx.org/nginx/ticket/621 for details.

> Is there any way to bypass logging these errors?

See above, hope this helps.

--
Maxim Dounin
http://mdounin.ru/
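Added example, not part of the original message and not nginx project code: a small triage script that separates the two kinds of entries discussed above, so the client-caused handshake errors can be set aside and the session-cache alerts counted per minute before and after changing ssl_session_cache or ssl_session_timeout. The function name, the sample lines and the placeholder client addresses are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the format of the two entries quoted in the
# message; client addresses are documentation-range placeholders.
SAMPLE_LOG = """\
2022/07/23 16:26:32 [crit] 849483#849483: *8078348 SSL_do_handshake() failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL handshaking, client: 192.0.2.10, server: 0.0.0.0:443
2022/07/23 16:26:33 [alert] 849481#849481: *8078448 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: 192.0.2.11, server: 0.0.0.0:443
2022/07/23 16:26:41 [alert] 849481#849481: *8078460 could not allocate new session in SSL session shared cache "le_nginx_SSL" while SSL handshaking, client: 192.0.2.12, server: 0.0.0.0:443
2022/07/23 16:27:02 [crit] 849483#849483: *8078502 SSL_do_handshake() failed (SSL: error:0A00006E:SSL routines::bad extension) while SSL handshaking, client: 192.0.2.13, server: 0.0.0.0:443
2022/07/23 16:27:05 [error] 849483#849483: *8078510 open() "/var/www/html/missing.txt" failed (2: No such file or directory), client: 192.0.2.14, server: example.test
"""

# Reasons the quoted 1.23.1 CHANGES entry says were lowered to "info".
LOWERED = {"bad key share", "bad extension", "bad cipher", "bad ecpoint"}
LINE_RE = re.compile(
    r'^(?P<minute>\d{4}/\d\d/\d\d \d\d:\d\d):\d\d \[(?P<level>\w+)\] '
    r'\d+#\d+: (?:\*\d+ )?(?P<msg>.*)$')
HANDSHAKE_RE = re.compile(
    r'SSL_do_handshake\(\) failed \(SSL: error:[0-9A-Fa-f]+:[^:]*:[^:]*:'
    r'(?P<reason>[^)]+)\)')
CACHE_RE = re.compile(
    r'could not allocate new session in SSL session shared cache '
    r'"(?P<zone>[^"]+)"')

def summarize(text):
    """Split error-log lines into client-caused handshake noise,
    session-cache-full alerts per (zone, minute), and everything else."""
    noise, cache_full, other = Counter(), Counter(), []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not an error-log entry in the expected format
        hs = HANDSHAKE_RE.search(m["msg"])
        cf = CACHE_RE.search(m["msg"])
        if hs and hs["reason"] in LOWERED:
            noise[hs["reason"]] += 1
        elif cf:
            cache_full[(cf["zone"], m["minute"])] += 1
        else:
            other.append(line)  # keep for manual review
    return noise, cache_full, other

if __name__ == "__main__":
    noise, cache_full, other = summarize(SAMPLE_LOG)
    print("handshake noise:", dict(noise))
    for (zone, minute), n in sorted(cache_full.items()):
        print(f"cache {zone!r} full {n}x in {minute}")
    print("needs review:", len(other))
```

A per-minute count that stays above zero after enlarging the cache or shortening the timeout suggests the zone is still too small for the handshake rate.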