Saturday, February 01, 2020

Re: SSL protocol errors with Nginx on OpenBSD current and Firefox or Chrome clients

On 2020/01/31 19:23, Mikolaj Kucharski wrote:
> Hi,
>
> I have Nginx running for many OpenBSD relesase, with TLS enabled (Let's
> Encrypt certificates). I upgraded recently to:
>
> OpenBSD 6.6-current (GENERIC.MP) #626: Thu Jan 30 19:26:22 MST 2020
> deraadt@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> and recent package snapshot:
>
> # awk '/digital-signature/ {print $NF}' /var/db/pkg/quirks-3.223/+CONTENTS
> signify2:2020-01-30T18:08:23Z:external
>
> I see problem with Chrome and Firefox on Windows and on OpenBSD.
> Firefox returns SSL_ERROR_DECODE_ERROR_ALERT and Chrome returns
> ERR_SSL_PROTOCOL_ERROR.

Thanks for the report, this is a problem with libssl and doesn't only
affect nginx, I have tracked down the commit that introduced it and
reported it on bugs@

https://marc.info/?l=openbsd-bugs&m=158055600317282&w=2

> Is it known problem? I don't see this issue with httpd(8) and similar
> setup.

I tested with httpd as well, it does occur there too for me.

When there is a problem that has just started occurring it is always
helpful to give a date of the previous working version.

No comments:

Post a Comment