How to investigate weird connections from log?


Suddenly I found some repeatable lines in the log of my forum:

Job exception: SSL_connect returned=1 errno=0 peeraddr= state=error: dh key too small

I searched meta for similar topics by dh key too small and cannot find relatives because forum is similar to be fine after rebuild this week (emails and auth work).

I’m sure that I don’t use any connections to because this is MIT address located in MA (my forum in Russia). I suspect this address may be hardcoded in some plugin.

Could someone share their experience on how to investigate such incidents? I tried to grep that IP in app directory with no results.

That’s most likely a onebox attempt that failed because the URL is behind a server with broken TLS configuration.

1 Like

Thanks a lot for the quick reply! Really, some lines in the stacktrace say about onebox. You are right, server is under several proxies). Now the question is clear. Have a nice day :+1:


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.