[
https://issues.apache.org/jira/browse/TS-3451?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14367158#comment-14367158
]
Susan Hinrichs edited comment on TS-3451 at 3/18/15 2:10 PM:
-------------------------------------------------------------
Finally remembered that I needed to restart traffic_server to get sslv3 to
disable not just do traffic_line -x. So now I am really running in production
with SSLv3 disabled. Verified with "openssl s_client -ssl3". With the
debugging messages enabled in 5.2, I am seeing many SSL3_GET_CLIENT_HELLO:wrong
version number messages. They dominate the inappropriate fallback messages.
Running for 5 minutes, the ssl_error_ssl percentage for 5.2 is 0.05%. Before
really disabling SSLv3, we were seeing an error rate around 0.025%
was (Author: shinrich):
Finally remembered that I needed to restart traffic_server to get sslv3 to
disable not just do traffic_line -x. So now I am really running in production
with SSLv3 disabled. Verified with "openssl s_client -ssl3". With the
debugging messages enabled in 5.2, I am seeing many SSL3_GET_CLIENT_HELLO:wrong
version number messages. They dominate the inappropriate fallback messages.
Running for 5 minutes, the ssl_error_ssl percentage for 5.2 is 0.05%
> SSL_ERROR_SSL increases moving from 5.0 to 5.2
> ----------------------------------------------
>
> Key: TS-3451
> URL: https://issues.apache.org/jira/browse/TS-3451
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Susan Hinrichs
> Assignee: Brian Geffon
>
> I'm creating a new bug to track the SSL_ERROR_SSL issues that [~briang] is
> seeing beyond the handshake buffer errors causing the "decryption failed or
> bad record mac" messages described in TS-3424.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
