You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2014/05/20 01:17:38 UTC
[jira] [Commented] (TS-2653) SSL Error message cleanup
[ https://issues.apache.org/jira/browse/TS-2653?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14002566#comment-14002566 ]
Bryan Call commented on TS-2653:
--------------------------------
[~Kang Li]
Do you have a fix for this?
> SSL Error message cleanup
> -------------------------
>
> Key: TS-2653
> URL: https://issues.apache.org/jira/browse/TS-2653
> Project: Traffic Server
> Issue Type: Bug
> Components: Logging, SSL
> Reporter: Bryan Call
> Assignee: Bryan Call
> Fix For: 5.0.0
>
>
> We see a lot of SSL error messages in production. It would be good to determine if these are really errors or remove logging of some of these errors:
> {code}
> -bash-4.1$ tail -100000 diags.log | cut -f4-20 -d : | grep SSL | sort | uniq -c | sort -rn
> 3108 SSL::36:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3079 SSL::32:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3068 SSL::27:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3051 SSL::44:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3043 SSL::24:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3041 SSL::47:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3041 SSL::38:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3040 SSL::46:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3025 SSL::34:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3025 SSL::25:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3021 SSL::31:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3011 SSL::42:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3006 SSL::39:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3004 SSL::29:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 3000 SSL::30:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2996 SSL::43:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2993 SSL::45:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2977 SSL::40:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2976 SSL::33:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2974 SSL::41:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2974 SSL::28:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2958 SSL::37:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2947 SSL::35:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 2922 SSL::26:error:140943E8:SSL routines:SSL3_READ_BYTES:reason(1000):s3_pkt.c:1256:SSL alert number 0
> 28 SSL::36:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 26 SSL::24:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 25 SSL::44:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 25 SSL::27:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 24 SSL::34:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 24 SSL::30:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 23 SSL::39:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 23 SSL::33:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 23 SSL::32:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 22 SSL::44:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 21 SSL::38:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 20 SSL::45:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 20 SSL::41:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 20 SSL::28:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 19 SSL::42:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 19 SSL::41:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 19 SSL::35:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 18 SSL::47:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 18 SSL::37:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 18 SSL::34:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 18 SSL::31:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 18 SSL::24:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 17 SSL::46:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 17 SSL::43:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 17 SSL::40:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 17 SSL::26:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 16 SSL::47:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 16 SSL::42:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 15 SSL::35:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 15 SSL::25:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 14 SSL::45:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 14 SSL::43:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 14 SSL::37:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 14 SSL::36:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 14 SSL::29:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 13 SSL::39:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 13 SSL::28:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 12 SSL::38:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 12 SSL::31:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 12 SSL::29:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 12 SSL::25:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 11 SSL::46:error:14094415:SSL routines:SSL3_READ_BYTES:sslv3 alert certificate expired:s3_pkt.c:1256:SSL alert number 45
> 11 SSL::40:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 11 SSL::33:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 11 SSL::32:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 11 SSL::26:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 9 SSL::30:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 9 SSL::27:error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1256:SSL alert number 48
> 5 SSL::45:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 5 SSL::29:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 4 SSL::47:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 4 SSL::34:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::43:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::42:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::40:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1256:SSL alert number 20
> 3 SSL::37:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 3 SSL::37:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::31:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::28:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::27:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 3 SSL::24:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::43:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 2 SSL::41:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::40:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::39:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::38:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
> 2 SSL::36:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::33:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::30:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 2 SSL::30:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::26:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 2 SSL::26:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 2 SSL::25:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 1 SSL::47:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::46:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::46:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1256:SSL alert number 10
> 1 SSL::46:error:1408F081:SSL routines:SSL3_GET_RECORD:block cipher pad is wrong:s3_pkt.c:410:
> 1 SSL::45:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1256:SSL alert number 10
> 1 SSL::44:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::43:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1256:SSL alert number 20
> 1 SSL::41:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::40:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::38:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 1 SSL::36:error:1408F081:SSL routines:SSL3_GET_RECORD:block cipher pad is wrong:s3_pkt.c:410:
> 1 SSL::35:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 1 SSL::35:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
> 1 SSL::34:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::34:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1256:SSL alert number 20
> 1 SSL::33:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::33:error:1408F081:SSL routines:SSL3_GET_RECORD:block cipher pad is wrong:s3_pkt.c:410:
> 1 SSL::32:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1256:SSL alert number 20
> 1 SSL::32:error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac:s3_pkt.c:484:
> 1 SSL::29:error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate:s3_pkt.c:1256:SSL alert number 42
> 1 SSL::29:error:140943F2:SSL routines:SSL3_READ_BYTES:sslv3 alert unexpected message:s3_pkt.c:1256:SSL alert number 10
> 1 SSL::27:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337:
> 1 SSL::25:error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac:s3_pkt.c:1256:SSL alert number 20
> {code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)