trafficserver-users mailing list archives

From Reindl Harald <h.rei...@thelounge.net>
Subject Re: ssl termination does not work
Date Wed, 07 Aug 2013 08:33:05 GMT


On 07.08.2013 05:45, Leif Hedstrom wrote:
> On Aug 7, 2013, at 1:54 AM, Reindl Harald <h.reindl@thelounge.net> wrote:
> 
>> anybody an idea what's wrong here?
>> see errors from "traffic.out" below
>> trafficserver-3.2.5-3.fc19.20130803.rh.x86_64
>>
>> finally i want to play around with having apache only on 127.0.0.1
>> without mod_ssl and trafficserver making the ssl-termination, in
>> the first step ip-based like httpd and if possible finally with
>> SNI for more than one vhost, well but i do not get the basics to work
>>
>> Firefox:
>> An error occurred during a connection to rhsoft.testserver.
>> Cannot communicate securely with peer: no common encryption algorithm(s).
>> (Error code: ssl_error_no_cypher_overlap)
> 
> I've typically seen these types of errors if no certificates are loaded. 

and that is why i posted the used config snippet because
i am trying this the first time, the documentation is
poor (cipher params) and there are several bug reports
stating this behavior without SNI but they should be
fixed in the recent version

on the other hand the docs do not state how to configure ATS
for SNI nor how do you configure *different* domains with
different certificates and different IPs aka ip-based vhost

what i try to figure out is what config would be needed
if we decide sooner or later ATS in front of SSL websites
and if it is possible giving the ATS machine the ip-addresses
of the sites in question and let it connect unencrypted to
the origin server which would stay with a single IP from this
moment

BTW: the certificate has the same permissions as any other ATS config

> Maybe check your logs

there is nothing except the whining of read-only /etc

