1. 首页
  2. 问答
  3. [alibaba/tengine]Tengine-2.2.2: ssl_async off指令报错

[alibaba/tengine]Tengine-2.2.2: ssl_async off指令报错

2024-07-10 741 views
6

@wangfakang 我在测试Tengine2.2.2的ssl_async功能,发现要是在配置里面关闭了ssl_async选项后,ssl会报错。 报错如下 140050160477952:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769: 测试命令:ab -c 1 -n 1 https://ssl-test.xxx.net:443/ 请问这个是tengine的bug吗?

配置如下:

server {
listen 443;
ssl_async   off;
server_name ssl-test.xxx.net;
 ssl_certificate      server.crt; 
 ssl_certificate_key  server.key;

location / {
    root   html;
    index  index.html index.htm;
 }

maikafei-chen

回答

3

hi @maikafei-chen 感谢上报

@wangfakang @mrpre 看下这个指令解析的实现ngx_http_ssl_enable_async,缺少对off的解析处理,如有修复记得添加测试用例

chobits

4

@maikafei-chen The Server block you have configured(without ssl instruction end of listen) indicates it's a HTTP server not a HTTPS server. The Client Hello you have sent was treated as a bad HTTP request by Tengine.

Plz using ab -c 1 -n 1 http://ssl-test.xxx.net:443/ to access your Tengine server or using listen 443 ssl; to start Tengine as a HTTPS server.

你的配置中,server块listen的端口没有ssl指令,所以这是一个HTTP服务而不是HTTPS服务。向一个提供HTTP服务的端口发HTTPS请求,肯定会发生错误。

若想Tengine 提供HTTPS服务的话,请使用listen 443 ssl;指令开启HTTPS服务。

mrpre

3

谢谢,已经修改配置

maikafei-chen

2

我看错了,实际ngx_http_ssl_enable_async中调用 ngx_conf_set_flag_slot函数已经处理了off的情况

chobits