Bug #2269


(connections.c.271) SSL: -1 5 0 Undefined error: 0

Added by over 10 years ago. Updated almost 10 years ago.

Target version:


The OS's base OpenSSL was updated from 0.9.8k to OpenSSL 1.0.0a and now all SSL connection attempts result in the error message "(connections.c.271) SSL: -1 5 0 Undefined error: 0" in the error log.


ssl-encoding-algorithms.diff (357 Bytes) ssl-encoding-algorithms.diff, 2010-11-06 21:52

Related issues

Has duplicate Bug #2306: SSL regression following r2780Duplicate2011-03-28Actions

Updated by stbuehler over 10 years ago

  • Priority changed from High to Low
  • Target version changed from 1.4.29 to 1.4.x

I just checked the code, and i don't think we do anything wrong there.
ssl returned SSL_ERROR_SYSCALL, but errno was 0 after SSL_read.


Updated by Olaf-van-der-Spek over 10 years ago

Some I/O error occurred. The OpenSSL error queue may contain more information on the error. If the error queue is empty (i.e. ERR_get_error() returns 0), ret can be used to find out more about the error: If ret 0, an EOF was observed that violates the protocol. If ret -1, the underlying BIO reported an I/O error (for socket I/O on Unix systems, consult errno for details).


Updated by over 10 years ago

Adding to this issue... I was seeing the error messages with each and every connection attempt and not being able to connect via HTTPS. I applied the attached patch and I am now seeing the error message only once upon the first HTTPS connection for each vhost and that connection as well as any other connections are now successful.


Updated by stbuehler almost 10 years ago

  • Priority changed from Low to High
  • Target version changed from 1.4.x to 1.4.29
  • algorithms got added in @2780
  • i tried to debug the issue, and the problem is that lighty 1.4.x + openssl 1.0.0 fails with TLS clients. but if you compile lighttpd with -O0 instead of -O2 it works, so it looks like there is some memory corruption or whatever. valgrind didn't help though, and neither did clang.

Updated by stbuehler almost 10 years ago

  • Status changed from New to Fixed
  • % Done changed from 0 to 100

Applied in changeset r2788.


Updated by almost 10 years ago

Yes with the commited patch back ported this fixes this symptom as well as the issues I was also experiencing along with sthen with ticket 2306 as I had asked him to report that. I could not connect with lynx, openssl s_client as well as some online SSL testers which are all working now.

Also available in: Atom