Andre created TS-3314:
-------------------------

             Summary: SSL errors after upgrade from 5.1.2 -> 5.2.0
                 Key: TS-3314
                 URL: https://issues.apache.org/jira/browse/TS-3314
             Project: Traffic Server
          Issue Type: Bug
          Components: Core, SSL
            Reporter: Andre


I upgraded my ATS from 5.1.2 to 5.2.0 by keeping all my config files.

When I start the trafficserver, I get errors in the diags.log and HTTPS sites do not work. Here is an extract of the diags.log:

{code}
[Jan 22 15:19:58.381] Server {0x2b42c3b03bc0} NOTE: loading SSL certificate configuration from /opt/trafficserver/etc/trafficserver/ssl_multicert.config
[Jan 22 15:19:58.386] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.386] Server {0x2b42c3b03bc0} ERROR: failed to load SSL certificate specification from /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 57
[Jan 22 15:19:58.391] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.392] Server {0x2b42c3b03bc0} ERROR: failed to load SSL certificate specification from /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 58
[Jan 22 15:19:58.396] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.397] Server {0x2b42c3b03bc0} ERROR: failed to load SSL certificate specification from /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 59
[Jan 22 15:19:58.401] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.413] Server {0x2b42c3b03bc0} NOTE: traffic server running
[Jan 22 15:19:58.494] Server {0x2b42c9547700} NOTE: cache enabled
[Jan 22 15:20:01.176] Server {0x2b42d4f17700} ERROR: SSL::47566040430336:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
[Jan 22 15:20:01.176] Server {0x2b42d4f17700} ERROR: failed to create SSL server session
[Jan 22 15:22:19.813] Server {0x2b42d5018700} ERROR: SSL::47566041483008:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 66.249.64.77
[Jan 22 15:22:19.813] Server {0x2b42d5018700} ERROR: failed to create SSL server session
[Jan 22 15:25:01.191] Server {0x2b42d5119700} ERROR: SSL::47566042535680:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
[Jan 22 15:25:01.191] Server {0x2b42d5119700} ERROR: failed to create SSL server session
{code}

Here is what I have in my ssl_multicert.config:

{code}
ssl_cert_name=domain1.crt ssl_key_name=domain1.key
ssl_cert_name=domain2.crt ssl_key_name=domain2.key
dest_ip=* ssl_cert_name=domain3.crt ssl_key_name=domain3.key
{code}

The .crt files contain my certificate and the intermediate certificate, the CA is in the truststore.

There are 3 possible dh params available in the configured certificate 
directory: dh512.pem, dh1024.pem and dh2048.pem

Why did it work in 5.1.2 and is no longer working in 5.2.0?



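Added example, not part of the report above and not Traffic Server code: a small triage script for a diags.log extract like the one in this issue. It counts the dhparams errors, lists the ssl_multicert.config lines that failed to load, and tallies the later "null ssl ctx" handshake errors per peer. The names triage and SAMPLE are assumptions of this example; SAMPLE is a subset of the log lines quoted in the report, unwrapped.

```python
import re
from collections import Counter

# Sample input built from log lines quoted in the report (unwrapped, subset).
CFG = "/opt/trafficserver/etc/trafficserver/ssl_multicert.config"
SAMPLE = f"""\
[Jan 22 15:19:58.386] Server {{0x2b42c3b03bc0}} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.386] Server {{0x2b42c3b03bc0}} ERROR: failed to load SSL certificate specification from {CFG} line 57
[Jan 22 15:19:58.391] Server {{0x2b42c3b03bc0}} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.392] Server {{0x2b42c3b03bc0}} ERROR: failed to load SSL certificate specification from {CFG} line 58
[Jan 22 15:19:58.396] Server {{0x2b42c3b03bc0}} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.397] Server {{0x2b42c3b03bc0}} ERROR: failed to load SSL certificate specification from {CFG} line 59
[Jan 22 15:19:58.401] Server {{0x2b42c3b03bc0}} ERROR: SSL dhparams source returned invalid parameters
[Jan 22 15:19:58.413] Server {{0x2b42c3b03bc0}} NOTE: traffic server running
[Jan 22 15:20:01.176] Server {{0x2b42d4f17700}} ERROR: SSL::47566040430336:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
[Jan 22 15:22:19.813] Server {{0x2b42d5018700}} ERROR: SSL::47566041483008:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 66.249.64.77
[Jan 22 15:25:01.191] Server {{0x2b42d5119700}} ERROR: SSL::47566042535680:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
"""

# "[timestamp] Server {thread} LEVEL: message", as seen in the extract.
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] Server \{(?P<tid>0x[0-9a-f]+)\} (?P<level>[A-Z]+): (?P<msg>.*)$")
LOAD_FAIL_RE = re.compile(r"failed to load SSL certificate specification from (?P<path>\S+) line (?P<line>\d+)")
NULL_CTX_RE = re.compile(r"SSL_new:null ssl ctx.*peer address is (?P<peer>\S+)")
DH_MSG = "SSL dhparams source returned invalid parameters"


def triage(text):
    """Summarise the SSL-related ERROR lines of a diags.log extract."""
    report = {"dh_errors": 0, "failed_config_lines": [], "null_ctx_peers": Counter()}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue  # NOTE lines and unparseable lines are ignored
        msg = m["msg"]
        if DH_MSG in msg:
            report["dh_errors"] += 1
        elif (lf := LOAD_FAIL_RE.search(msg)):
            report["failed_config_lines"].append((lf["path"], int(lf["line"])))
        elif (nc := NULL_CTX_RE.search(msg)):
            report["null_ctx_peers"][nc["peer"]] += 1
    return report


if __name__ == "__main__":
    print(triage(SAMPLE))
```
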