[ https://issues.apache.org/jira/browse/TS-3314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287917#comment-14287917 ]
Andre commented on TS-3314:
---------------------------

That could be true :)

> SSL errors after upgrade from 5.1.2 -> 5.2.0
> --------------------------------------------
>
>                 Key: TS-3314
>                 URL: https://issues.apache.org/jira/browse/TS-3314
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core, SSL
>            Reporter: Andre
>            Assignee: Susan Hinrichs
>
> I upgraded my ATS from 5.1.2 to 5.2.0 by keeping all my config files.
> When I start the trafficserver, I do get errors in the diags.log and https sites do not work. Here is an extract of the diags.log:
> {code}
> [Jan 22 15:19:58.381] Server {0x2b42c3b03bc0} NOTE: loading SSL certificate configuration from /opt/trafficserver/etc/trafficserver/ssl_multicert.config
> [Jan 22 15:19:58.386] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
> [Jan 22 15:19:58.386] Server {0x2b42c3b03bc0} ERROR: failed to load SSL certificate specification from /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 57
> [Jan 22 15:19:58.391] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
> [Jan 22 15:19:58.392] Server {0x2b42c3b03bc0} ERROR: failed to load SSL certificate specification from /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 58
> [Jan 22 15:19:58.396] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
> [Jan 22 15:19:58.397] Server {0x2b42c3b03bc0} ERROR: failed to load SSL certificate specification from /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 59
> [Jan 22 15:19:58.401] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source returned invalid parameters
> [Jan 22 15:19:58.413] Server {0x2b42c3b03bc0} NOTE: traffic server running
> [Jan 22 15:19:58.494] Server {0x2b42c9547700} NOTE: cache enabled
> [Jan 22 15:20:01.176] Server {0x2b42d4f17700} ERROR: SSL::47566040430336:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
> [Jan 22 15:20:01.176] Server {0x2b42d4f17700} ERROR: failed to create SSL server session
> [Jan 22 15:22:19.813] Server {0x2b42d5018700} ERROR: SSL::47566041483008:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 66.249.64.77
> [Jan 22 15:22:19.813] Server {0x2b42d5018700} ERROR: failed to create SSL server session
> [Jan 22 15:25:01.191] Server {0x2b42d5119700} ERROR: SSL::47566042535680:error:140BA0C3:SSL routines:SSL_new:null ssl ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
> [Jan 22 15:25:01.191] Server {0x2b42d5119700} ERROR: failed to create SSL server session
> {code}
> Here is what I have in my ssl_multicert.config:
> {code}
> ssl_cert_name=domain1.crt ssl_key_name=domain1.key
> ssl_cert_name=domain2.crt ssl_key_name=domain2.key
> dest_ip=* ssl_cert_name=domain3.crt ssl_key_name=domain3.key
> {code}
> The .crt files contain my certificate and the intermediate certificate, the CA is in the truststore.
> There are 3 possible dh params available in the configured certificate directory: dh512.pem, dh1024.pem and dh2048.pem
> Why did it work in 5.1.2 and is no longer working in 5.2.0?

--
This message was sent by Atlassian JIRA (v6.3.4#6332)