On 10/08/2012 11:10 AM, Thomas M Steenholdt wrote:
Hi there,
I have a pound 2.6 installation with a HTTPS listener and several
HTTPS BackEnds.
The HTTPS BackEnds are mostly using self-signed certificates, which
should be fine for our needs, but one of them is failing with the error:
pound: BIO_do_handshake with <IP ADDRESS REMOVED>:443 failed:
error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy
renegotiation disabled
Although I'm not sure, I guess this is an error with the certificate
on the BackEnd HTTPS server. But is there some way to get more
information on the error or perhaps just make pound ignore the error
all together?
Thanks in advance.
/Thomas
Turned out to be an unpatched Windows 2003 server. The problem was fixed
for Windows in September of 2010:
http://technet.microsoft.com/en-us/security/bulletin/MS10-049
Applying this fix solved the problem.
/Thomas
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.
