OPERATIONAL DEFECT DATABASE
...
...
Description of problem: When using nginx as reverse-proxy the error "error:0A000126:SSL routines::unexpected eof while reading" occurs for every request. Clients show different error-messages: curl: transfer closed with outstanding read data remaining Firefox: NS_NET_ERROR_PARTIAL_TRANSFER Chrome, Edge: net::ERR_INCOMPLETE_CHUNKED_ENCODING Version-Release number of selected component (if applicable): 1.20.1 How reproducible: Use nginx as reverse-proxy and fetch a page Steps to Reproduce: 1. dnf install -y nginx 2. cat >/etc/nginx/default.d/proxy.conf <<END location / { proxy_pass https://www.google.com; proxy_pass_request_headers off; proxy_pass_request_body off; } END 3. systemctl start nginx 4. curl -sSo /dev/null localhost 5. tail /var/log/nginx/error.log Actual results: curl: (18) transfer closed with outstanding read data remaining 2023/05/10 10:22:35 [crit] 128#128: *9 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while reading upstream, client: 127.0.0.1, server: _, request: "GET / HTTP/1.1", upstream: "https://x.x.x.x:443/", host: "localhost" Expected results: No error-message Additional info: OpenSSL 3.0 raises unexpected EOF as error (https://github.com/openssl/openssl/issues/18866#issuecomment-1194219601), but offers a setting to ignore this. nginx 1.20.2 has already integrated this: https://github.com/nginx/nginx/compare/release-1.20.1...release-1.20.2 So nginx has to be updated from 1.20.1 to 1.20.2. A test by adding the changes to 1.20.2 was successfully: dnf remove -y nginx dnf groupinstall -y "Development Tools" dnf install -y yum-utils rpm-build dnf download --source nginx rpm i nginx*.src.rpm curl -o /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch https://github.com/nginx/nginx/compare/release-1.20.1...release-1.20.2.patch sed -i 's/Patch6.*/&\nPatch7: 0008-update-to-1.20.2.patch/' /root/rpmbuild/SPECS/nginx.spec echo Skip .hgtags sed -i '/8747718e7751a9aac300595a96920141e3cc5078/,/From / {//!d;}' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch echo Skip misc/GNUmakefile sed -i '/9b2488b2c350588423899f12fc062a35d5e86cad/,/From /{//!d;} ' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch echo Skip docs/xml/nginx/changes.xml sed -i '/656597b6e248868d56ed25559846ab5c58f8f3ac/,/From / {//!d;} ' /root/rpmbuild/SOURCES/0008-update-to-1.20.2.patch dnf builddep -y /root/rpmbuild/SPECS/nginx.spec rpmbuild -bb /root/rpmbuild/SPECS/nginx.spec dnf install y /root/rpmbuild/RPMS/x86_64/nginx*.rpm curl -sSo /dev/null localhost
Unresolved
Click on a version to see all relevant bugs
Red Hat Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
