It's working, server is UP.
2016-02-10 17:21 GMT+01:00 Baptiste <[email protected]>:
> On Wed, Feb 10, 2016 at 5:11 PM, Beluc <[email protected]> wrote:
>> Hi,
>>
>> I can't find out why ssl check is not working while openssl return is ok.
>>
>> global
>>     ssl-default-bind-ciphers kEECDH+aECDSA+AES:kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!RC4:!aNULL:!eNULL
>>
>> backend ABC
>>     mode http
>>     server 1.2.3.4 1.2.3.4:443 check ssl verify required ca-file /etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem
>>
>>
>> # echo Q | openssl s_client -connect 1.2.3.4:443 -CAfile /etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem -cipher 'kEECDH+aECDSA+AES:kEECDH+aRSA+AES:kRSA+AES:+AES256:!kEDH:!LOW:!EXP:!MD5:!RC4:!aNULL:!eNULL'
>> CONNECTED(00000003)
>> depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
>> verify return:1
>> depth=1 O = AlphaSSL, CN = AlphaSSL CA - G2
>> verify return:1
>> depth=0 C = FR, OU = Domain Control Validated, CN = sslABC
>> verify return:1
>> ---
>> Certificate chain
>> 0 s:/C=FR/OU=Domain Control Validated/CN=sslABC
>> i:/O=AlphaSSL/CN=AlphaSSL CA - G2
>> 1 s:/O=AlphaSSL/CN=AlphaSSL CA - G2
>> i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
>> 2 s:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
>> i:/C=BE/O=GlobalSign nv-sa/OU=Root CA/CN=GlobalSign Root CA
>> ---
>> Server certificate
>> -----BEGIN CERTIFICATE-----
>> [...]
>> -----END CERTIFICATE-----
>> subject=/C=FR/OU=Domain Control Validated/CN=sslABC
>> issuer=/O=AlphaSSL/CN=AlphaSSL CA - G2
>> ---
>> No client certificate CA names sent
>> ---
>> SSL handshake has read 3289 bytes and written 523 bytes
>> ---
>> New, TLSv1/SSLv3, Cipher is AES256-SHA
>> Server public key is 2048 bit
>> Secure Renegotiation IS supported
>> Compression: NONE
>> Expansion: NONE
>> SSL-Session:
>> Protocol : TLSv1
>> Cipher : AES256-SHA
>> Session-ID:
>> Session-ID-ctx:
>> Master-Key: [...]
>> Key-Arg : None
>> PSK identity: None
>> PSK identity hint: None
>> SRP username: None
>> Start Time: 1455120471
>> Timeout : 300 (sec)
>> Verify return code: 0 (ok)
>> ---
>> DONE
>>
>> I also forced tlsv1 use without success.
>>
>> Did I miss something?
>>
>> Regards
>>
>
> What happens when you use "verify none"?
>
> Baptiste