I have set client server verification to 'no'
CONFIG proxy.config.ssl.client.verify.server INT 0
and this time things went fie and ATS worked as forward proxy.
So looks like client verification failure in server side only I guess ?
Thanks
~S
On 22 February 2018 at 01:14, Susan Hinrichs wrote:
Hi,
I have a problem - from time to time my ATS 7.2.1 has problems with serving
static files from origin, client transactions last over 10s and I see the
following diagnostic (I have enabled logging "slow requests")
cache_open_read_begin: 0.000 cache_open_read_end: 10.640
Any requests to the sa
I would assume that your CA files are not set correctly for ATS to verify
the origin certificates sent to it.
proxy.config.ssl.client.CA.cert.filename and
proxy.config.ssl.client.CA.cert.path. If you don't care about having ATS
verify the origin certificates, you can leave the
proxy.config.ssl.cli
I wanted to have MTLS proxy. Hence we have to have client cert verification
in server side. So proxy.config.ssl.client.CA.cert.filename and
proxy.config.ssl.client.CA.cert.path are set
I have verified tomcat certificate ( which is what client is using for
connection ) using ca.pem in the server an
Alan also pointed out that you are running ATS 6.x. Could you try your
test scenario on ATS 7.1.2? We've made considerable cleanup on the TLS
handshake and more debugging in the client cert verification.
Looking at your pcap file and your logs, it appears that the certs are
being exchanged. Bot
It would be a big task to change the ATS to 7.x in my server and do the
test. And this particular issue actually happened in our production
environment.
Thanks
~S
On 22 February 2018 at 22:16, Susan Hinrichs wrote:
> Alan also pointed out that you are running ATS 6.x. Could you try your
> test
You cannot try 7.1.x in your test environment?
On Thu, Feb 22, 2018 at 11:00 AM, salil GK wrote:
> It would be a big task to change the ATS to 7.x in my server and do the
> test. And this particular issue actually happened in our production
> environment.
>
> Thanks
> ~S
>
> On 22 February 2018
