git.kaiwu.me - nginx.git/commit

author	Sergey Kandaurov <pluknet@nginx.com>
	Thu, 16 Apr 2026 13:57:13 +0000 (17:57 +0400)
committer	Sergey Kandaurov <s.kandaurov@f5.com>
	Thu, 16 Apr 2026 14:39:23 +0000 (18:39 +0400)
commit	ff8221b4db29b1d31ef31f01d989a57ac35a9dd0
tree	0b086452c5ff8e6ee03d298e4679eb2a63b7b279	tree \| snapshot
parent	ea72fa1d92af638e23def2da1790b9b0566bd23b	commit \| diff

SSL: logging level of "record layer failure" errors

The SSL_R_RECORD_LAYER_FAILURE ("record layer failure") errors are
reported by OpenSSL 3.2 or newer as the last record layer error for
various low level read errors. Further, a976e6b9e (1.23.4) caused
to always log them at the "crit" level. For example, the following
errors are observed on OpenSSL 3.2.0 - 4.0:

SSL_read() failed (SSL: error:0A000119:SSL routines::decryption failed
or bad record mac error:0A000139:SSL routines::record layer failure)
SSL_read() failed (SSL: error:1C800066:Provider routines::cipher operation
failed error:0A000119:SSL routines::decryption failed or bad record mac
error:0A000139:SSL routines::record layer failure)
SSL_read() failed (SSL: error:0A00010B:SSL routines::wrong version number
error:0A000139:SSL routines::record layer failure)

These errors are now logged at the "info" level.

Closes: https://github.com/nginx/nginx/issues/961
Co-authored-by: Smeet23 <smeetagrawal2003@gmail.com>