[
https://issues.apache.org/jira/browse/TS-3314?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14287917#comment-14287917
]
Andre commented on TS-3314:
---------------------------
That could be true :)
> SSL errors after upgrade from 5.1.2 -> 5.2.0
> --------------------------------------------
>
> Key: TS-3314
> URL: https://issues.apache.org/jira/browse/TS-3314
> Project: Traffic Server
> Issue Type: Bug
> Components: Core, SSL
> Reporter: Andre
> Assignee: Susan Hinrichs
>
> I upgraded my ATS from 5.1.2 to 5.2.0 by keeping all my config files.
> When I start the trafficserver, I do get errors in the diags.log and https
> sites do not work. Here is an extract of the diags.log:
> {code}
> [Jan 22 15:19:58.381] Server {0x2b42c3b03bc0} NOTE: loading SSL certificate
> configuration from /opt/trafficserver/etc/trafficserver/ssl_multicert.config
> [Jan 22 15:19:58.386] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source
> returned invalid parameters
> [Jan 22 15:19:58.386] Server {0x2b42c3b03bc0} ERROR: failed to load SSL
> certificate specification from
> /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 57
> [Jan 22 15:19:58.391] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source
> returned invalid parameters
> [Jan 22 15:19:58.392] Server {0x2b42c3b03bc0} ERROR: failed to load SSL
> certificate specification from
> /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 58
> [Jan 22 15:19:58.396] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source
> returned invalid parameters
> [Jan 22 15:19:58.397] Server {0x2b42c3b03bc0} ERROR: failed to load SSL
> certificate specification from
> /opt/trafficserver/etc/trafficserver/ssl_multicert.config line 59
> [Jan 22 15:19:58.401] Server {0x2b42c3b03bc0} ERROR: SSL dhparams source
> returned invalid parameters
> [Jan 22 15:19:58.413] Server {0x2b42c3b03bc0} NOTE: traffic server running
> [Jan 22 15:19:58.494] Server {0x2b42c9547700} NOTE: cache enabled
> [Jan 22 15:20:01.176] Server {0x2b42d4f17700} ERROR:
> SSL::47566040430336:error:140BA0C3:SSL routines:SSL_new:null ssl
> ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
> [Jan 22 15:20:01.176] Server {0x2b42d4f17700} ERROR: failed to create SSL
> server session
> [Jan 22 15:22:19.813] Server {0x2b42d5018700} ERROR:
> SSL::47566041483008:error:140BA0C3:SSL routines:SSL_new:null ssl
> ctx:ssl_lib.c:281: peer address is 66.249.64.77
> [Jan 22 15:22:19.813] Server {0x2b42d5018700} ERROR: failed to create SSL
> server session
> [Jan 22 15:25:01.191] Server {0x2b42d5119700} ERROR:
> SSL::47566042535680:error:140BA0C3:SSL routines:SSL_new:null ssl
> ctx:ssl_lib.c:281: peer address is 2a01:4f8:160:24ca::3
> [Jan 22 15:25:01.191] Server {0x2b42d5119700} ERROR: failed to create SSL
> server session
> {code}
> Here is what I have in my ssl_multicert.config:
> {code}
> ssl_cert_name=domain1.crt ssl_key_name=domain1.key
> ssl_cert_name=domain2.crt ssl_key_name=domain2.key
> dest_ip=* ssl_cert_name=domain3.crt ssl_key_name=domain3.key
> {code}
> the .crt files contain my certificate and the intermediate certificate, the
> ca is in the truststore.
> There are 3 possible dh params available in the configured certificate
> directory: dh512.pem, dh1024.pem and dh2048.pem
> why did it work in 5.1.2 and is no longer working in 5.2.0?
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
