BugZero | Red Hat BugID RHEL-6786 - SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL

Red Hat - Defect ID: RHEL-6786

SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at nginx with reverse-proxy

Red Hat - Defect ID: RHEL-6786

SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at nginx with reverse-proxy

Last updated on 2/18/2025

Overall: 7.67.6

Severity: 8.28.2

Community: 66.0

Lifecycle: 5.85.8

What is the BugZero Risk Score?

Vendor details

Priority: Undefined
Status: New
Impact Category: nginx

Overall: 7.67.6

Severity: 8.28.2

Community: 66.0

Lifecycle: 5.85.8

What is the BugZero Risk Score?

Vendor details

Priority: Undefined
Status: New
Impact Category: nginx

Issue

Description of problem: When using nginx as reverse-proxy the error "error:0A000126:SSL routines::unexpected eof while reading" occurs for every request. Clients show different error-messages: curl: transfer closed with outstanding read data remaining Firefox: NS_NET_ERROR_PARTIAL_TRANSFER Chrome, Edge: net::ERR_INCOMPLETE_CHUNKED_ENCODING Version-Release number of selected component (if applicable): 1.20.1 How reproducible: Use nginx as reverse-proxy and fetch a page Steps to Reproduce: 1. dnf install -y nginx 2. cat >/etc/nginx/default.d/proxy.conf <<END location / { proxy_pass https://www.google.com; proxy_pass_request_headers off; proxy_pass_request_body off; } END 3. systemctl start nginx 4. curl -sSo /dev/null localhost 5. tail /var/log/nginx/error.log Actual results: curl: (18) transfer closed with outstanding read data remaining 2023/05/10 10:22:35 [crit] 128#128: *9 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while reading upstream, client: 127.0.0.1, server: _, request: "GET / HTTP/1.1", upstream: "https://x.x.x.x:443/", host: "localhost" Expected results: No error-message Additional info: OpenSSL 3.0 raises unexpected EOF as error (https://github.com/openssl/openssl/issues/18866#issuecomment-1194219601), but offers a setting to ignore this. nginx 1.20.2 has already integrated this: https://github.com/nginx/nginx/compare/release-1.20.1...release-1.20.2 So nginx has to be updated from 1.20.1 to 1.20.2. A test by adding the changes to 1.20.2 was successfully: dnf remove -y nginx dnf groupinstall -y "Development Tools" dnf install -y yum-utils rpm-build dnf download --source nginx rpm i nginx*.src.rpm curl -o /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch https://github.com/nginx/nginx/compare/release-1.20.1...release-1.20.2.patch sed -i 's/Patch6.*/&\nPatch7: 0008-update-to-1.20.2.patch/' /root/rpmbuild/SPECS/nginx.spec echo Skip .hgtags sed -i '/8747718e7751a9aac300595a96920141e3cc5078/,/From / {//!d;}' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch echo Skip misc/GNUmakefile sed -i '/9b2488b2c350588423899f12fc062a35d5e86cad/,/From /{//!d;} ' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch echo Skip docs/xml/nginx/changes.xml sed -i '/656597b6e248868d56ed25559846ab5c58f8f3ac/,/From / {//!d;} ' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch dnf builddep -y /root/rpmbuild/SPECS/nginx.spec rpmbuild -bb /root/rpmbuild/SPECS/nginx.spec dnf install y /root/rpmbuild/RPMS/x86_64/nginx*.rpm curl -sSo /dev/null localhost

Release Notes

No. of Comments

Resolution

Unresolved

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Red Hat - Defect ID: RHEL-6786

SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at nginx with reverse-proxy

Red Hat - Defect ID: RHEL-6786

SSL-errors 0A000126 / NS_NET_ERROR_PARTIAL_TRANSFER at nginx with reverse-proxy

Last updated on 2/18/2025

Vendor details

Vendor details

Description

Issue

Release Notes

No. of Comments

Resolution

Links

Top Red Hat defects by risk score

Ready to prevent the next vendor outage?