[erlang-questions] Log SSL errors' originating IP addresses

Kaiduan Xie kaiduanx@REDACTED
Mon Nov 23 15:46:41 CET 2015


Looks like those errors happen at SSL handshake stage, you can log the
IP address at your application.

{ok, Socket} = ssl:transport_accept(Listen_socket)
case ssl:ssl_accept(Socket) of
    ok->
          ....
    {error, Reason} ->
        log the source IP of Socket here

/Kaiduan

On Mon, Nov 23, 2015 at 9:09 AM, Roberto Ostinelli <roberto@REDACTED> wrote:
> All,
> I'm using Cowboy with SSL, and I'm often seeing errors like these ones:
>
> SSL: hello: tls_handshake.erl:174:Fatal error: protocol version
> SSL: certify: ssl_alert.erl:93:Fatal error: illegal parameter
> SSL: hello: tls_handshake.erl:167:Fatal error: insufficient security
>
> And so on.
>
> To my understanding, these are pretty normal and result from a variety of
> reasons (attacks, bad clients using deprecated SSL protocols, etc).
>
> My question is, though: is there any way to log the IP addresses that
> originate these errors?
> Since these happen at Erlang level, they do not even hit my application and
> am unsure of what my best options are.
>
> Thank you for reading this.
>
> Best,
> r.
>
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>



More information about the erlang-questions mailing list