trafficserver-users mailing list archives

From James Peach <jpe...@apache.org>
Subject Re: ssl termination does not work
Date Wed, 07 Aug 2013 15:37:05 GMT
On Aug 6, 2013, at 4:54 PM, Reindl Harald <h.reindl@thelounge.net> wrote:

> Hi
> 
> anybody an idea what's wrong here?
> see errors from "traffic.out" below
> trafficserver-3.2.5-3.fc19.20130803.rh.x86_64
> 
> finally i want to play around with having apache only on 127.0.0.1
> without mod_ssl and trafficserver making the ssl-termination, in
> the first step ip-based like httpd and if possible finally with
> SNI for more than one vhost, well but i do not get the basics to work
> 
> Firefox:
> An error occurred during a connection to rhsoft.testserver.
> Cannot communicate securely with peer: no common encryption algorithm(s).
> (Error code: ssl_error_no_cypher_overlap)
> ________________________________________________
> 
> CONFIG proxy.config.ssl.enabled INT 1
> CONFIG proxy.config.ssl.server_port INT 443
> CONFIG proxy.config.ssl.SSLv2 INT 0
> CONFIG proxy.config.ssl.SSLv3 INT 1
> CONFIG proxy.config.ssl.TLSv1 INT 1
> CONFIG proxy.config.ssl.compression INT 0
> CONFIG proxy.config.ssl.server.cipher_suite STRING
> ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNUL
> CONFIG proxy.config.ssl.client.certification_level INT 0
> CONFIG proxy.config.ssl.server.cert.filename STRING testserver.rhsoft.net.pem
> CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver/ssl
> CONFIG proxy.config.ssl.server.private_key.filename STRING testserver.rhsoft.net.pem
> CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver/ssl

https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v3.2

records.config should be:
	CONFIG proxy.config.http.server_ports ssl:443

Then in ssl_multicert.config:
	ssl_cert_name=testserver.rhsoft.net.pem

Sorry about the misleading admin documentation, I'll try to update it for the 3.4 release ...


> ________________________________________________
> 
> [Aug  7 01:49:01.962] Server {0x2aaab5e01700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:01.962] Server {0x2aaab5e01700} ERROR: SSL::13:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:01.963] Server {0x2aaab5e01700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:01.963] Server {0x2aaab5e01700} ERROR: SSL::13:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:01.985] Server {0x2aaab5f02700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:01.985] Server {0x2aaab5f02700} ERROR: SSL::14:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:01.985] Server {0x2aaab5f02700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:01.985] Server {0x2aaab5f02700} ERROR: SSL::14:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:03.487] Server {0x2aaab7100700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:03.488] Server {0x2aaab7100700} ERROR: SSL::15:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:03.490] Server {0x2aaab7100700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:03.490] Server {0x2aaab7100700} ERROR: SSL::15:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:03.491] Server {0x2aaab7201700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:03.491] Server {0x2aaab7201700} ERROR: SSL::16:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> [Aug  7 01:49:03.491] Server {0x2aaab7201700} ERROR: SSL ERROR: SSL_ServerHandShake.
> [Aug  7 01:49:03.491] Server {0x2aaab7201700} ERROR: SSL::16:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no
> shared cipher:s3_srvr.c:1355:
> 
> 
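
An added example, not part of the original message and not Traffic Server code: a small Python check that applies the reply's fix to a records.config and ssl_multicert.config pair, and also flags the SSLv3 and RC4 settings seen in the quoted configuration, both of which are weak. The function names, finding strings and sample inputs are constructed for illustration; treating proxy.config.ssl.enabled and proxy.config.ssl.server_port as legacy keys is an assumption based on the reply.

```python
import re

# Assumption from the reply: these two keys are the pre-3.2 way to set the TLS port.
LEGACY_KEYS = ("proxy.config.ssl.enabled", "proxy.config.ssl.server_port")
PORTS_KEY = "proxy.config.http.server_ports"

def parse_records(text):
    """Map setting name -> value for each CONFIG line (type token optional)."""
    settings = {}
    for line in text.splitlines():
        tokens = line.split()
        if len(tokens) < 2 or tokens[0] != "CONFIG":
            continue
        rest = tokens[2:]
        if rest and rest[0] in ("INT", "STRING", "FLOAT"):
            rest = rest[1:]
        settings[tokens[1]] = " ".join(rest)
    return settings

def audit(records_text, multicert_text):
    """Return findings for the TLS-termination setup discussed in this thread."""
    cfg = parse_records(records_text)
    findings = []
    ports = re.split(r"[\s,]+", cfg.get(PORTS_KEY, ""))
    if not any("ssl" in p.split(":") for p in ports):
        findings.append(f"{PORTS_KEY} has no ssl port entry")
        findings += [f"legacy key {k} is set" for k in LEGACY_KEYS if k in cfg]
    certs = [l for l in multicert_text.splitlines()
             if "ssl_cert_name=" in l and not l.lstrip().startswith("#")]
    if not certs:
        findings.append("ssl_multicert.config has no ssl_cert_name= line")
    if cfg.get("proxy.config.ssl.SSLv3") == "1":
        findings.append("SSLv3 is enabled")
    if "RC4" in cfg.get("proxy.config.ssl.server.cipher_suite", "").split(":"):
        findings.append("RC4 is in the server cipher suite")
    return findings

# Constructed sample inputs: a subset of the poster's settings, then the reply's layout.
OLD_RECORDS = """\
CONFIG proxy.config.ssl.enabled INT 1
CONFIG proxy.config.ssl.server_port INT 443
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.server.cipher_suite STRING RC4:HIGH:!MD5:!aNULL
"""
NEW_RECORDS = "CONFIG proxy.config.http.server_ports ssl:443\n"
NEW_MULTICERT = "ssl_cert_name=testserver.rhsoft.net.pem\n"

if __name__ == "__main__":
    print("\n".join(audit(OLD_RECORDS, "")) or "no findings")
```

The port check accepts the ssl:443 spelling used in the reply as well as 443:ssl, and a commented-out ssl_cert_name line does not count as a configured certificate.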

