okt 27 17:00:47 dmz-kraken-1 pound[7383]: BIO_do_handshake with 192.168.250.101:443 failed: error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy renegotiation disabled
okt 27 17:00:47 dmz-kraken-1 pound[7383]: BIO_do_handshake with 192.168.250.101:443 failed: error:1412F152:SSL routines:SSL_PARSE_SERVERHELLO_TLSEXT:unsafe legacy renegotiation disabled
/Maciej
Fra:
Scott McKeown <[email protected]>
Til:
Pound Mailing List
<[email protected]>
Dato:
27-10-2015 15:46
Emne:
Re: [Pound Mailing
List] SSL Backend not responding after upgrade from 2.6 to 2.7
Hi Maciej,
If you backends are using HTTPS or a cert you should set the 'HTTPS' flag in the backend section of your pound configuration file.
HTTPS [ "cert" ]
The back-end is using HTTPS. If the optional parameter cert is specified, Pound will present this certificate to the back-end.
On 27 October 2015 at 14:17, Maciej Szeliga <[email protected]> wrote:
Hi
I've just upgraded our pound from ver. 2.6 to ver. 2.7
After this upgrade we are not able to connect to an older SSLv3 backend with https
pound.cfg has Disable SSL2 and Disable SSL3 statements but afaik this only affected the frontend.
Is this a new feature (and is there a way to disable it) ?
The backend is running with a "fake" certificate, not a self signed but signed by a nonexisting CA, it has however been working on pound ver. 2.6
NB. The backend can't be reconfigured to run http easily.
/Maciej -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
--
With Kind Regards.
Scott McKeown
Loadbalancer.org
http://www.loadbalancer.org
Tel (UK) - +44 (0) 3303801064 (24x7)
Tel (US) - +1 888.867.9504 (Toll Free)(24x7)
-- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
