I am running into the same issue below since upgrading from CentOS 6.4
to 6.5.
I was running Pound 2.7a. I also tried with Pound 2.7b and I'm still getting:
BIO_do_handshake with <SERVER IP>:443 failed: error:1412F152:SSL
routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy renegotiation disabled
The <Server IP> is a Windows box. I tried disabling the ciphers using
https://www.nartac.com/Products/IISCrypto/Default.aspx
and selected "Best Practices" which is pretty much the screenshot on the
page.
I might have to restore CentOS 6.4 but I would prefer not to.
Any suggestions would be appreciated.
Karl
On 10/8/2012, 11:00 AM, Thomas M Steenholdt wrote:
On 10/08/2012 11:10 AM, Thomas M Steenholdt wrote:
Hi there,
I have a pound 2.6 installation with a HTTPS listener and several
HTTPS BackEnds.
The HTTPS BackEnds are mostly using self-signed certificates, which
should be fine for our needs, but one of them is failing with the error:
pound: BIO_do_handshake with <IP ADDRESS REMOVED>:443 failed:
error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe
legacy renegotiation disabled
Although I'm not sure, I guess this is an error with the certificate
on the BackEnd HTTPS server. But is there some way to get more
information on the error or perhaps just make pound ignore the error
altogether?
Thanks in advance.
/Thomas
Turned out to be an unpatched Windows 2003 server. The problem was
fixed for Windows in September of 2010:
http://technet.microsoft.com/en-us/security/bulletin/MS10-049
Applying this fix solved the problem.
/Thomas
--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.