Hi Karl, I only noticed yesterday that Centos now has OpenSSL 1.0.1e (I think it was) in the repository so you maybe looking in the wrong place as before it was on 0.9.8 I think.
It might be worth just double checking the versions. On 5 December 2013 21:48, Karl Rossing <[email protected]> wrote: > I am running into the same issue below since upgrading from Centos 6.4 to > 6.5. > > I was running Pound 2.7a. I also tried with Pound 2.7b and I'm still > getting > > BIO_do_handshake with <SERVER IP>:443 failed: error:1412F152:SSL > routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy renegotiation disabled > > The <Server IP> is a windows box. I tried disabling the cyphers using > https://www.nartac.com/Products/IISCrypto/Default.aspx > and selected "Best Practices" which is pretty much the screenshot on the > page. > > I might have to restore Centos 6.4 but i would prefer not to. > > Any suggestions would be appreciated. > > Karl > > > On 10/8/2012, 11:00 AM, Thomas M Steenholdt wrote: > >> On 10/08/2012 11:10 AM, Thomas M Steenholdt wrote: >> >>> Hi there, >>> >>> I have a pound 2.6 installation with a HTTPS listener and several HTTPS >>> BackEnds. >>> >>> The HTTPS BackEnds are mostly using self-signed certificates, which >>> should be fine for our needs, but one of them is failing with the error: >>> >>> pound: BIO_do_handshake with <IP ADDRESS REMOVED>:443 failed: >>> error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy >>> renegotiation disabled >>> >>> Although I'm not sure, I guess this is an error with the certificate on >>> the BackEnd HTTPS server. But is there some way to get more information on >>> the error or perhaps just make pound ignore the error all together? >>> >>> Thanks in advance. >>> >>> /Thomas >>> >> >> Turned out to be an unpatched Windows 2003 server. The problem was fixed >> for Windows in September of 2010: >> >> http://technet.microsoft.com/en-us/security/bulletin/MS10-049 >> >> Applying this fix solved the problem. >> >> /Thomas >> >> -- >> To unsubscribe send an email with subject unsubscribe to [email protected]. >> Please contact [email protected] for questions. >> > > > > CONFIDENTIALITY NOTICE: This communication (including all attachments) is > confidential and is intended for the use of the named addressee(s) only and > may contain information that is private, confidential, privileged, and > exempt from disclosure under law. All rights to privilege are expressly > claimed and reserved and are not waived. Any use, dissemination, > distribution, copying or disclosure of this message and any attachments, in > whole or in part, by anyone other than the intended recipient(s) is > strictly > prohibited. If you have received this communication in error, please > notify > the sender immediately, delete this communication from all data storage > devices and destroy all hard copies. > > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. > -- With Kind Regards. Scott McKeown Loadbalancer.org http://www.loadbalancer.org
