(SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

(SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream

Liam Moncur
Hey,
I am seeing an issue where nginx seems to get stuck in a loop soon after the above error. From the debug I am seeing:

2020/04/02 14:09:10 [error] 12875#12875: *338 SSL_read() failed (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream, client: 2a00:23c6:8238:6501:54e9:28f4:54e:1a91, server: www.findafishingboat.com, request: "GET /boat-list/fishing-boats-for-sale-over-15m HTTP/2.0", upstream: "https://194.39.167.98:443/boat-list/fishing-boats-for-sale-over-15m", host: "www.findafishingboat.com"

Then shortly after I get a loop of the following:

2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0

Any thoughts would be lovely.

Thanks,
Liam
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream

Liam Moncur
We were able to resolve this by enabling proxy_buffering. The root cause for why it started happening is still being investigated.

Thanks,
Liam

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 2, 2020 2:26 PM, Liam Moncur <[hidden email]> wrote:

> Hey,
> I am seeing an issue where nginx seems to get stuck in a loop soon after the above error. From the debug I am seeing:
>
> 2020/04/02 14:09:10 [error] 12875#12875: *338 SSL_read() failed (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream, client: 2a00:23c6:8238:6501:54e9:28f4:54e:1a91, server: www.findafishingboat.com, request: "GET /boat-list/fishing-boats-for-sale-over-15m HTTP/2.0", upstream: "https://194.39.167.98:443/boat-list/fishing-boats-for-sale-over-15m", host: "www.findafishingboat.com"
>
> Then shortly after I get a loop of the following:
>
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
>
> Any thoughts would be lovely.
>
> Thanks,
> Liam


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream

Maxim Dounin
In reply to this post by Liam Moncur
Hello!

On Thu, Apr 02, 2020 at 01:26:02PM +0000, Liam Moncur wrote:

> Hey,
> I am seeing an issue where nginx seems to get stuck in a loop soon after the above error. From the debug I am seeing:
>
> 2020/04/02 14:09:10 [error] 12875#12875: *338 SSL_read() failed (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream, client: 2a00:23c6:8238:6501:54e9:28f4:54e:1a91, server: www.findafishingboat.com, request: "GET /boat-list/fishing-boats-for-sale-over-15m HTTP/2.0", upstream: "https://194.39.167.98:443/boat-list/fishing-boats-for-sale-over-15m", host: "www.findafishingboat.com"
>
> Then shortly after I get a loop of the following:
>
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
>
> Any thoughts would be lovely.

First of all, check OpenSSL version you are using.
Running "nginx -V" will show all needed details.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream

Liam Moncur
In reply to this post by Liam Moncur
It seems to related to apache set ups on the origin that were running openssl 1.1.1e since the upgrade to 1.1.1f it seems better and the SSL_read errors are gone.

https://github.com/openssl/openssl/issues/11381#issuecomment-607732081

Liam


Sent from ProtonMail mobile



-------- Original Message --------
On 3 Apr 2020, 07:20, Liam Moncur < [hidden email]> wrote:

We were able to resolve this by enabling proxy_buffering. The root cause for why it started happening is still being investigated.

Thanks,
Liam

Sent with ProtonMail Secure Email.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, April 2, 2020 2:26 PM, Liam Moncur <[hidden email]> wrote:

> Hey,
> I am seeing an issue where nginx seems to get stuck in a loop soon after the above error. From the debug I am seeing:
>
> 2020/04/02 14:09:10 [error] 12875#12875: *338 SSL_read() failed (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream, client: 2a00:23c6:8238:6501:54e9:28f4:54e:1a91, server: www.findafishingboat.com, request: "GET /boat-list/fishing-boats-for-sale-over-15m HTTP/2.0", upstream: "https://194.39.167.98:443/boat-list/fishing-boats-for-sale-over-15m", host: "www.findafishingboat.com"
>
> Then shortly after I get a loop of the following:
>
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
>
> Any thoughts would be lovely.
>
> Thanks,
> Liam


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx