Vaultwarden docker logs tls handshake failed

Hey,

When I scroll through my logs with docker logs, I see many TLS handshake errors. What exactly do they mean? Are they important? Is someone trying to do something nasty?

[2022-09-08 02:12:12.580][rustls::msgs::handshake][WARN] Illegal SNI hostname received [57, 53, 46, 49, 49, 52, 46, 49, 48, 52, 46, 49, 54, 52]
[2022-09-08 02:12:12.580][rustls::conn][WARN] Sending fatal alert DecodeError
[2022-09-08 02:12:12.581][rocket_http::tls::listener][WARN] tls handshake with removed_ip::35494 failed: received corrupt message of type Handshake
[2022-09-08 02:18:30.367][rocket_http::tls::listener][WARN] tls handshake with removed_ip:44602 failed: received corrupt message
[2022-09-08 02:18:30.540][rocket_http::tls::listener][WARN] tls handshake with removed_ip:44622 failed: tls handshake eof
[2022-09-08 02:49:04.019][rocket_http::tls::listener][WARN] tls handshake with removed_ip:65133 failed: received corrupt message
[2022-09-08 02:49:04.378][rocket_http::tls::listener][WARN] tls handshake with removed_ip:65165 failed: tls handshake eof
[2022-09-08 03:03:01.920][rocket_http::tls::listener][WARN] tls handshake with removed_ip:43280 failed: received corrupt message
[2022-09-08 03:09:51.840][rocket_http::tls::listener][WARN] tls handshake with removed_ip:45466 failed: received corrupt message
[2022-09-08 03:47:38.720][rocket_http::tls::listener][WARN] tls handshake with removed_ip:53434 failed: received corrupt message
[2022-09-08 03:47:39.018][rocket_http::tls::listener][WARN] tls handshake with removed_ip:53447 failed: tls handshake eof
[2022-09-08 04:19:22.069][rocket_http::tls::listener][WARN] tls handshake with removed_ip:60016 failed: received corrupt message
[2022-09-08 04:19:22.321][rocket_http::tls::listener][WARN] tls handshake with removed_ip:60032 failed: tls handshake eof
[2022-09-08 04:39:22.183][rocket_http::tls::listener][WARN] tls handshake with removed_ip:33078 failed: received corrupt message
[2022-09-08 04:39:22.238][rocket_http::tls::listener][WARN] tls handshake with removed_ip:33085 failed: tls handshake eof
[2022-09-08 05:00:57.800][rocket_http::tls::listener][WARN] tls handshake with removed_ip:45382 failed: received corrupt message
[2022-09-08 05:15:52.381][rocket_http::tls::listener][WARN] tls handshake with removed_ip:38750 failed: received corrupt message
[2022-09-08 05:34:11.700][rocket_http::tls::listener][WARN] tls handshake with removed_ip:56922 failed: received corrupt message

The removed IPs are all different. I'm using Let's Encrypt and my certificate is fine.

Thanks!

Looks like drive-by hack attempts on your IP address.
We do suggest using a reverse proxy in front of Vaultwarden to prevent issues like this. Also, websockets do not work without a reverse proxy unfortunately, so that is probably not working for you right now.

What would be the benefit of using a reverse proxy? How does that protect me from these attacks?

Well, for one, it will block invalid SNIs. It mostly has better SSL support, or at least more fault tolerance. And, as mentioned before, you are able to enable the websocket support, which isn't possible without a reverse proxy.
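
Added example, not part of the thread: rustls prints the rejected server name as a list of byte values, so decoding it shows what the client actually put in the SNI field (RFC 6066 does not permit IP literals there, which is typical of scanners connecting by address instead of by hostname). The script below decodes those lists and tallies handshake failures from saved `docker logs` output; the sample lines and the function names are constructed for illustration.

```python
import ast
import ipaddress
import re
from collections import Counter

# Constructed sample in the log format from the question. 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges, not real clients.
SAMPLE = """\
[2022-09-08 02:12:12.580][rustls::msgs::handshake][WARN] Illegal SNI hostname received [49, 57, 50, 46, 48, 46, 50, 46, 49, 48]
[2022-09-08 02:12:12.581][rocket_http::tls::listener][WARN] tls handshake with 198.51.100.7:35494 failed: received corrupt message of type Handshake
[2022-09-08 02:18:30.367][rocket_http::tls::listener][WARN] tls handshake with 198.51.100.8:44602 failed: received corrupt message
[2022-09-08 02:18:30.540][rocket_http::tls::listener][WARN] tls handshake with 198.51.100.8:44622 failed: tls handshake eof
"""

SNI_RE = re.compile(r"Illegal SNI hostname received (\[[\d, ]*\])")
FAIL_RE = re.compile(r"tls handshake with (\S+?):+(\d+) failed: (.+)$")

def decode_sni(byte_list: str) -> str:
    """Turn the logged list of byte values back into the SNI string."""
    return bytes(ast.literal_eval(byte_list)).decode("ascii", errors="replace")

def is_ip_literal(name: str) -> bool:
    """True if the SNI is an IPv4/IPv6 address rather than a DNS hostname."""
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def summarize(log_text: str) -> dict:
    """Collect decoded SNIs, failure reasons and the number of distinct peers."""
    snis, reasons, sources = [], Counter(), set()
    for line in log_text.splitlines():
        if m := SNI_RE.search(line):
            name = decode_sni(m.group(1))
            snis.append((name, is_ip_literal(name)))
        elif m := FAIL_RE.search(line):
            sources.add(m.group(1))
            reasons[m.group(3)] += 1
    return {"snis": snis, "reasons": reasons, "sources": len(sources)}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    for name, is_ip in report["snis"]:
        print(f"SNI {name!r}: {'IP literal' if is_ip else 'hostname'}")
    print(f"{report['sources']} distinct peers, reasons: {dict(report['reasons'])}")
```

Many distinct peers that each fail once or twice with an IP-literal SNI or a malformed handshake is the pattern of background internet scanning; repeated failures from a single peer using your real hostname would be the case to look at more closely.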