05-15-2023 06:04 AM
I have a farm of remote experimentation servers running on OSX open to the outside world.
It is continuously under "attack", but so far was not hacked, fingers crossed.
Internally the remote experimentation servers use NI nativeTCP/TLS vis to run my own web + websockets servers.
The servers work well but the log file grows out of control filled with TLS related messages.
After 4 days I already have 100000 lines similar to the ones below:
[DecodeOpenSSLErrors]error:09FFF06C:PEM routines:CRYPTO_internal:no start line
TLSConf_Create: Unable to set sigalgs RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512
TLSConf_Create: Unable to set strict
NConnInfo: gNCJar.GetCookieInfo returned error 1.
What could be the cause of the above messages?
Anyway the issue is more the log file size that grows out of control than why is grows.
There should be a way to lower TLS verbosity in the log and a way to not let the log file grow so big that it fills up the HD/SSD.
This is on a Mac Mini M2 with OSX Ventura.
This issues is also present in LV 20 to 22.
Thanks
Ch.
05-25-2023 06:14 PM
@_Chris wrote:
I have a farm of remote experimentation servers running on OSX open to the outside world.
It is continuously under "attack", but so far was not hacked, fingers crossed.
😬
[DecodeOpenSSLErrors]error:09FFF06C:PEM routines:CRYPTO_internal:no start line
TLSConf_Create: Unable to set sigalgs RSA+SHA256:RSA+SHA384:RSA+SHA512:ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512
TLSConf_Create: Unable to set strict
NConnInfo: gNCJar.GetCookieInfo returned error 1.
What could be the cause of the above messages?
The root cause is... a long story. Suffice to say that a bug in LabVIEW's OpenSSL initialization may have allowed it to bind to MacOS's copy of OpenSSL, which barely ABI-compatible enough to actually work, but not compatible enough for a modern ciphersuite selection.
Anyway the issue is more the log file size that grows out of control than why is grows.
There should be a way to lower TLS verbosity in the log and a way to not let the log file grow so big that it fills up the HD/SSD.
This is on a Mac Mini M2 with OSX Ventura.
This issues is also present in LV 20 to 22.
I already fixed the root cause because it was causing major problems elsewhere. I don't think the fix made it in time for the beta though.
I'm going to need to mull over what ought to happen for these log messages. I'm concerned that it should be logged at a higher severity than it presently is, but I could be convinced that it only needs to be logged once.