05.12.2013 23:48, Karl Rossing kirjoitti: > I am running into the same issue below since upgrading from Centos 6.4 > to 6.5. > > I was running Pound 2.7a. I also tried with Pound 2.7b and I'm still > getting > > BIO_do_handshake with <SERVER IP>:443 failed: error:1412F152:SSL > routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy renegotiation > disabled > > The <Server IP> is a windows box. I tried disabling the cyphers using > https://www.nartac.com/Products/IISCrypto/Default.aspx > and selected "Best Practices" which is pretty much the screenshot on > the page. > > I might have to restore Centos 6.4 but i would prefer not to. > > Any suggestions would be appreciated. > > Karl
CentOS just got an update for OpenSSL. I wonder if this bug is still existent. Anyone knows? jarif > > On 10/8/2012, 11:00 AM, Thomas M Steenholdt wrote: >> On 10/08/2012 11:10 AM, Thomas M Steenholdt wrote: >>> Hi there, >>> >>> I have a pound 2.6 installation with a HTTPS listener and several >>> HTTPS BackEnds. >>> >>> The HTTPS BackEnds are mostly using self-signed certificates, which >>> should be fine for our needs, but one of them is failing with the >>> error: >>> >>> pound: BIO_do_handshake with <IP ADDRESS REMOVED>:443 failed: >>> error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe >>> legacy renegotiation disabled >>> >>> Although I'm not sure, I guess this is an error with the certificate >>> on the BackEnd HTTPS server. But is there some way to get more >>> information on the error or perhaps just make pound ignore the error >>> all together? >>> >>> Thanks in advance. >>> >>> /Thomas >> >> Turned out to be an unpatched Windows 2003 server. The problem was >> fixed for Windows in September of 2010: >> >> http://technet.microsoft.com/en-us/security/bulletin/MS10-049 >> >> Applying this fix solved the problem. >> >> /Thomas >> >> -- >> To unsubscribe send an email with subject unsubscribe to [email protected]. >> Please contact [email protected] for questions. > > > > CONFIDENTIALITY NOTICE: This communication (including all > attachments) is > confidential and is intended for the use of the named addressee(s) > only and > may contain information that is private, confidential, privileged, and > exempt from disclosure under law. All rights to privilege are expressly > claimed and reserved and are not waived. Any use, dissemination, > distribution, copying or disclosure of this message and any > attachments, in > whole or in part, by anyone other than the intended recipient(s) is > strictly > prohibited. If you have received this communication in error, please > notify > the sender immediately, delete this communication from all data storage > devices and destroy all hard copies. > > -- > To unsubscribe send an email with subject unsubscribe to [email protected]. > Please contact [email protected] for questions. -- Jari Fredriksson Digital Identity Solutions Europe Oy tel. +358 400 779440 [email protected] -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
