trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: [ANNOUNCE] Apache Traffic Server 5.3.1 is released!
Date Mon, 06 Jul 2015 10:51:26 GMT
thanks!

TLS is fixed compared to 5.3.0 and no longer responding after testing 
with ssllabs (no shared ciphers error in FF), older TLS issues are still 
present

* https://www.ssllabs.com/ssltest/
   Session resumption (tickets) 	Yes
   *why* when ssl_ticket_enabled=0 in each line
   of /etc/trafficserver/ssl_multicert.config

* still no "ab" benchmarking possible wich is *really* odd
   and as said multiple times that has nothing to do with
   SSL2/SSL3 enabled, it's disabled on httpd too and ab
   works just fine
   SSL handshake failed (1).
   140694896433120:error:14077410:SSL
   routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
   failure:s23_clnt.c


Am 04.07.2015 um 18:08 schrieb Phil Sorber:
> Apache Traffic Server v5.3.1 Released
>
> The Apache Software Foundation and the Apache Traffic Server project
> are pleased to announce the release of Apache Traffic Server v5.3.1!
> This is our second stable release in the 5.3.x LTS branch, and is
> immediately available for download at:
>
> http://trafficserver.apache.org/downloads
>
> Upgrading from 5.x should be seamless. Upgrading from the previous
> releases, 3.2.0 and later, to v5.3.1 should preserve the cache and not
> require it to be cleared.  More details are available at:
>
> https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v5.0
>
> This release is primarily bug fixes. For a list of what’s changed in
> this release, please see
>
> https://cwiki.apache.org/confluence/display/TS/What%27s+New+in+v5.3.x
>
> For a list of all JIRA’s for this release, please see
>
> https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327092&projectId=12310963
>
> Of special note are two fixes for CVE-2015-3249 that effect the HTTP/2
> experimental feature in Apache Traffic Server 5.3.0. They are both DOS
> attacks and can be avoided by simply disabling HTTP/2 or upgrading to
> this release.
>
> 5.3.x will be the last minor version in the 5.x release and is a Long
> Term Support (LTS) release.
>
> Sincerely,
>
> -- The Apache Traffic Server community



Mime
View raw message