s/(TLS error on connection from .* \(SSL_\w+\): error:)(.*)/$1 <<detail omitted>>/;
next if /SSL verify error: depth=0 error=certificate not trusted/;
+ # OpenSSL 3.2.1
# OpenSSL 3.0.0
- s/TLS error \(D-H param setting .* error:\K.*dh key too small/xxxxxxxx:SSL routines::dh key too small/;
+ s/TLS\ error\ \(D-H\ param\ setting\ .*\ error:\K
+ .*
+ (?:dh\ key\ too\ small|unknown\ security\ bits)
+ /xxxxxxxx:SSL routines::dh key too small/x;
# OpenSSL 1.1.1
s/error:\K0B080074:x509 certificate routines:X509_check_private_key(?=:key values mismatch$)/05800074:x509 certificate routines:/;
next if /SSL verify error: depth=0 error=certificate not trusted/;
s/SSL3_READ_BYTES/ssl3_read_bytes/i;
s/CONNECT_CR_FINISHED/ssl3_read_bytes/i;
- s/^[[:xdigit:]]+:error:[[:xdigit:]]+(?:E[[:xdigit:]]+)?(:SSL routines:ssl3_read_bytes:[^:]+:).*(:SSL alert number \d\d)$/pppp:error:dddddddd$1\[...\]$2/;
+ s/^[[:xdigit:]]+:error:[[:xdigit:]]+(?:E[[:xdigit:]]+)?
+ (:SSL\ routines:ssl3_read_bytes:)
+ ssl(?:v3|\/tls)
+ ([^:]+:)
+ .*
+ (:SSL\ alert\ number\ \d\d)$
+ /pppp:error:dddddddd$1sslv3$2\[...\]$3/x;
s/^error:\K[^:]*:(SSL routines:ssl3_read_bytes:(tls|ssl)v\d+ alert)/dddddddd:$1/;
s/^error:\K[[:xdigit:]]+:SSL routines::(tlsv13 alert certificate required)$/dddddddd:SSL routines:ssl3_read_bytes:$1/;
- s/^error:\K[[:xdigit:]]+:SSL routines::((tlsv1|sslv3) alert (unknown ca|certificate revoked))$/dddddddd:SSL routines:ssl3_read_bytes:$1/;
+ s/^error:\K
+ [[:xdigit:]]+:SSL\ routines::
+ ((?:tlsv1|sslv3)\ alert\ (?:unknown\ ca|certificate\ revoked))$
+ /dddddddd:SSL routines:ssl3_read_bytes:$1/x;
+ s/^error:\K
+ [[:xdigit:]]+:SSL\ routines::
+ ssl\/tls\ (alert\ (?:unknown\ ca|certificate\ revoked))$
+ /dddddddd:SSL routines:ssl3_read_bytes:sslv3 $1/x;
# gnutls version variances
next if /^Error in the pull function./;