-
Notifications
You must be signed in to change notification settings - Fork 5.5k
-
Notifications
You must be signed in to change notification settings - Fork 5.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL socket errors #438
Comments
Hmm. Are you using ssl in HTTPServer or AsyncHTTPClient here? Do you know what's on the other end of the connection when you get these errors? The stackoverflow and paste links both mention threads; are you using threads in your application? |
Thanks for answering! We're using |
If you're using WebSocketHandler then the actual SSL support is still coming from HTTPServer and IOStream, although websockets are a more complicated case because they're full duplex (and browsers have tried doing some nonstandard things with them to mitigate the BEAST SSL attack). Since these are all C-level errors (the one you said was not a C exception was a socket.error instead of an ssl.error), there may not be much we can do about it at the tornado level. The "bad address" (EFAULT) error is actually the scariest one, since it suggests a stray pointer somewhere. I'm not sure how to debug this further. |
I'm closing this bug because it is old and hasn't produced any actionable information; feel free to reopen if you're still having problems and/or can provide more details. |
Can this be reopened? I'm running into this issue quite a bit. We use tornado on pypy and see the error on both platforms. I think pypy triggers it more because it has a tendency to move objects around in memory more. Based on my digging, these all appear to be related: and it's documented in the tornado code itself: However I don't think tornado handles the error appropriately here: The error should be caught and the write_buffer_frozen, like it does for other cases and the write retried. I'll likely be experimenting with a fix soon, but reproducing can be somewhat random. We're using SSLIOStreams when this is triggered EDIT MORE EDITS As well as 'OpenSSL 1.0.2j 26 Sep 2016' on Mac OS X Version 10.11.6 (15G1004) |
We're seeing quite a few socket "Read error" and "Write error" in our logs. They're usually (but not absolutely always) associated with two C exceptions:
WARNING:Read error on 25: [Errno 1] _ssl.c:1331: error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac
WARNING:Write error on 21: [Errno 1] _ssl.c:1217: error:1409F07F:SSL routines:SSL3_WRITE_PENDING:bad write retry
The latter looks similar to the error discussed in the comments in
iostream.py
, ie python bug 8240. Could it be a slightly different case of the same bug?http://bugs.python.org/issue8240
When not associated with a C exception, we see only:
WARNING:Write error on 18: [Errno 14] Bad address
The first exception has a bit of google-juice too:
http://stackoverflow.com/questions/2603119/opening-ssl-urls-with-python
http://pythonpaste.org/news.html#id10
One thing that seems to help is running tornado from python 2.7 instead of python 2.6 - errors occur 5 times less frequently, in my last quick test (but sadly are not done away with completely)
Is there anything that can be done in the tornado code to try and avoid these? Or perhaps some way that we could use tornado differently to avoid them?
The text was updated successfully, but these errors were encountered: