Suppress error logs when clients connect over HTTP instead of HTTPS (#77397)

Author: jportner

src/legacy/server/logging/log_interceptor.js

@@ -20,7 +20,11 @@
 import Stream from 'stream';
 import { get, isEqual } from 'lodash';
 
-const GET_CLIENT_HELLO = /GET_CLIENT_HELLO:http/;
+/**
+ * Matches error messages when clients connect via HTTP instead of HTTPS; see unit test for full message. Warning: this can change when Node
+ * and its bundled OpenSSL binary are upgraded.
+ */
+const OPENSSL_GET_RECORD_REGEX = /ssl3_get_record:http/;
 
 function doTagsMatch(event, tags) {
   return isEqual(get(event, 'tags'), tags);
@@ -124,7 +128,7 @@ export class LogInterceptor extends Stream.Transform {
   }
 
   downgradeIfHTTPWhenHTTPS(event) {
-    return downgradeIfErrorMessage(GET_CLIENT_HELLO, event);
+    return downgradeIfErrorMessage(OPENSSL_GET_RECORD_REGEX, event);
   }
 
   _transform(event, enc, next) {

src/legacy/server/logging/log_interceptor.test.js

@@ -147,7 +147,7 @@ describe('server logging LogInterceptor', () => {
   describe('#downgradeIfHTTPWhenHTTPS', () => {
     it('transforms http requests when serving https errors', () => {
       const message =
-        '40735139278848:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:../deps/openssl/openssl/ssl/s23_srvr.c:394';
+        '4584650176:error:1408F09C:SSL routines:ssl3_get_record:http request:../deps/openssl/openssl/ssl/record/ssl3_record.c:322:\n';
       const interceptor = new LogInterceptor();
       const event = stubClientErrorEvent({ message });
       assertDowngraded(interceptor.downgradeIfHTTPWhenHTTPS(event));