After installing pyopenssl, ndg-httpsclient and pyasn1 to support SSL with SNI. I get the following error, for certain https urls:
(-1, 'Unexpected EOF')
only when running under nginx
tried:
- removing the
gzipfrom nginx.
Asked
Active
Viewed 1,759 times
0
yonatan
- 595
- 1
- 4
- 18
1 Answers
0
Many TLS clients and servers consider it reasonable to abruptly close the TCP connection without finishing the TLS disconnect handshake. They may not do it all the time. It may depend on very specific, esoteric network conditions (eg, how quickly certain sends are executed). When this happens, you get the error you've reported.
Typically this isn't actually a problem. All application data has been transferred already. Unfortunately you can't be entirely sure about this (that's part of the reason there is a TLS disconnect handshake) but there may also be little or nothing you can do about it.
I don't know that nginx's TLS support closes connections this way but if this is the only symptom (in other words, if you're not losing application data) and your server uses Content-Length or Transfer-Encoding: chunked (to offer you some other protection against truncation attacks) this might just be expected behavior.
Jean-Paul Calderone
- 47,755
- 6
- 94
- 122