Hi Jon, Sorry for the delay, there was a lot of movement and investigation to get to the bottom of this. What seems to be the issue is that older clients that support sslv3 but not tls appeared to get errors.
Running $ openssl s_client -ssl3 -connect <fqdn>:443 -servername <fqdn> would always fail with a handhshake error. As soon as we drop "-ssl3, everything goes ok. Looking into the "illegal parameter" you get, we cannot reproduce, and we have to pin it down to the version of software that you're running. Looking online, every report of open ssl throwing "illegal parameter" seemed to have to do with the version of openSSL or a client-side config. I then went to check with the back-end team to see what was happening there. Turns out it is indeed working as intended. SNI does not support SSLv3. To get such a certificate up and running, I would suggest moving to a Virtual IP <https://cloud.google.com/appengine/docs/ssl#virtual_ip_vip>, which can help your situation. I hope that this will provide enough to shed some light on this. Cheers On Monday, August 24, 2015 at 11:09:22 AM UTC-4, Jon Travers wrote: > > Yes certainly. For the two locations where we've seen problems: our office > broadband is using IP address 94.10.92.68, and our London VPS is > on 46.101.45.203. > > Hope that helps > Jon > > On Monday, 24 August 2015 15:57:47 UTC+1, Patrice (Cloud Platform Support) > wrote: >> >> Hi Jon, >> >> Thank you for all that extra information, this definitely will help in >> finding out what issue you're having. >> >> Do you have on hand the IPs of the different locations/VPSes? I'm trying >> to investigate, but having the exact IP that threw up the request would >> definitely be helpful. >> >> Cheers >> > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/google-appengine. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/22263577-87d8-410c-a5c6-75b74ea36aae%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
