'ssl handshake failed crypto error' log entries

Wouter Wijngaards wouter at nlnetlabs.nl
Tue Sep 3 07:48:59 UTC 2019


Hi Cristoph,

On 8/28/19 8:42 PM, Christoph via Unbound-users wrote:
> Hi,
> 
> on our public DoT server running unbound we get a lot (> 20 MB / day)
> of the following errors even though we run in verbosity level 0.
> 
> Our understanding is that this isn't anything we can do about.
> Could you remove these entries from verbosity level 0?

Yes, removed them until verbosity 3 is set.  Specifically for these
errors.  Thanks for the report, filling the logs with useless content is
not the point of log level 0.

Best regards, Wouter

> 
> 
>  ssl handshake failed crypto error:1408F09B:SSL
> routines:ssl3_get_record:https proxy request
>  ssl handshake failed crypto error:1408F09C:SSL
> routines:ssl3_get_record:http request
>  ssl handshake failed crypto error:1408F10B:SSL
> routines:ssl3_get_record:wrong version number
>  ssl handshake failed crypto error:14094412:SSL
> routines:ssl3_read_bytes:sslv3 alert bad certificate
>  ssl handshake failed crypto error:1417A0C1:SSL
> routines:tls_post_process_client_hello:no shared cipher
>  ssl handshake failed crypto error:142090FC:SSL
> routines:tls_early_post_process_client_hello:unknown protocol
>  ssl handshake failed crypto error:14209102:SSL
> routines:tls_early_post_process_client_hello:unsupported protocol
>  ssl handshake failed crypto error:1420918C:SSL
> routines:tls_early_post_process_client_hello:version too low
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20190903/a3952297/attachment.bin>


More information about the Unbound-users mailing list