SSL error triggered when max_children is hit

[grke]

From the mailing list:

I have recently upgraded some servers to Debian Bookworm which comes with
OpenSSL 3 (3.0.9). Debian's Burp package contains Burp 3.1.4.

It seems that when the Burp master rejects a connection due to
max_children being hit, this triggers an error on the client side
(Bookworm, Burp 3.1.4).
I was able to reproduce this by setting max_children=1 and starting "burp
-a l" on three servers at once:

emirates:~# burp -a l
2023-07-10 10:56:53 +0200: burp[6941] Connecting to titan.example.com:4971
2023-07-10 10:56:53 +0200: burp[6941] SSL connect error: 1
8090FA8B9D7F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof
while reading:../ssl/record/rec_layer_s3.c:303:

Clients that haven't been updated don't throw the "unexpected eof" line.

The unexpected EOF failure was introduced in OpenSSL 3 to prevent
truncation attacks:
https://www.openssl.org/docs/manmaster/man3/SSL_CTX_set_options.html#SSL_OP_IGNORE_UNEXPECTED_EOF

Root cause could be this: "Some TLS implementations do not send the
mandatory close_notify alert on shutdown."

[vt-alt]

On ALT Linux after compiling burp with openssl3 we started to get similar error: 80BB4FD6657F0000:error:0A000126:SSL routines:ssl3_read_n:unexpected eof while reading:ssl/record/rec_layer_s3.c:303:.