----- Original Message -----
> Hi,
>
> I want to configure the TS as a reverse proxy which can handle HTTP

Which version of TS?

> and
> HTTPS traffic. I set up a map in remap.config like this:
>
> map https://extern.tld/ http://internal.local:7080/
> reverse_map http://internal.local:7080/ https://external.tld/
>
> The relevant configuration in the records.config:
>
> CONFIG proxy.config.reverse_proxy.enabled INT 1
> CONFIG proxy.config.header.parse.no_host_url_redirect STRING NULL
>
> CONFIG proxy.config.ssl.enabled INT 1
> CONFIG proxy.config.ssl.SSLv2 INT 1

Welcome to 2011, where SSLv2 has been deprecated for more than half a decade.

> CONFIG proxy.config.ssl.SSLv3 INT 1
> CONFIG proxy.config.ssl.TLSv1 INT 1
> CONFIG proxy.config.ssl.server_port INT 443
> CONFIG proxy.config.ssl.client.certification_level INT 0
> CONFIG proxy.config.ssl.server.cert.filename STRING server.pem
> CONFIG proxy.config.ssl.server.cert_chain.filename STRING NULL
> CONFIG proxy.config.ssl.server.cert.path STRING /etc/ssl/private/
> CONFIG proxy.config.ssl.server.private_key.filename STRING NULL
> CONFIG proxy.config.ssl.server.private_key.path STRING /etc/ssl/private/
> CONFIG proxy.config.ssl.CA.cert.filename STRING NULL
> CONFIG proxy.config.ssl.CA.cert.path STRING NULL

Where is your private key?
Is your private key encrypted?
Does your certificate (server.pem) include everything? (cert, key, chain) - because nothing else is provided

>
> If I want to access the URL, I get the following:
> $openssl s_client -debug -status -connect extern.tld:443
>
> CONNECTED(00000003)
> write to 0xb4aef0 [0xb4b1a8] (104 bytes => 104 (0x68))
> 0000 - 16 03 01 00 63 01 00 00-5f 03 01 4e eb 1e af 40   ....c..._..N...@
> 0010 - 58 bc c2 4e 91 32 4b 58-80 44 5a eb 11 58 aa bd   X..N.2KX.DZ..X..
> 0020 - 9d 67 c4 a0 cd 23 17 1c-ce b3 0f 00 00 28 00 39   .g...#.......(.9
> 0030 - 00 38 00 35 00 16 00 13-00 0a 00 33 00 32 00 2f   .8.5.......3.2./
> 0040 - 00 05 00 04 00 15 00 12-00 09 00 14 00 11 00 08   ................
> 0050 - 00 06 00 03 00 ff 02 01-00 00 0d 00 23 00 00 00   ............#...
> 0060 - 05 00 05 01                                       ....
> 0068 - <SPACES/NULS>
> read from 0xb4aef0 [0xb64488] (7 bytes => 7 (0x7))
> 0000 - 15 03 01 00 02 02 28                              ......(
> 5564:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:602:
>
>
> $curl -v -0 https://extern.tld/
> * About to connect() to dev.ejump.sic-software.tk port 443 (#0)
> * Trying 193.158.63.21... connected
> * successfully set certificate verify locations:
> * CAfile: /usr/ssl/certs/ca-bundle.crt
>   CApath: none
> * SSLv3, TLS handshake, Client hello (1):
> * error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> * Closing connection #0
> curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
>
>
> the traffic.out logfile says:
>
> Server {1080852432} ERROR: SSL ERROR: SSL_ServerHandShake.
> Server {1080852432} ERROR: SSL::0:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1226:
>
>
> What's going wrong here? I can't track it down to the problem :(
> HTTP traffic works just fine.
>
> Aaron

i

--
Igor Galić

Tel: +43 (0) 664 886 22 883
Mail: [email protected]
URL: http://brainsware.org/
GPG: 6880 4155 74BD FD7C B515 2EA5 4B1D 9E08 A097 C9AE
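
Added example (not part of the original message, and not Traffic Server code): a Python check for the points the reply raises about the quoted records.config, namely that SSLv2 is enabled and that no private key is configured, so the key would have to be bundled in the certificate file. The sample config text and the PEM bodies are constructed placeholders, and `parse_records`, `pem_summary` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample: SSL-related records.config lines as quoted in the thread.
SAMPLE_RECORDS = """\
CONFIG proxy.config.ssl.SSLv2 INT 1
CONFIG proxy.config.ssl.server.cert.filename STRING server.pem
CONFIG proxy.config.ssl.server.private_key.filename STRING NULL
"""

# Constructed PEM with a placeholder body: one certificate, no key.
SAMPLE_PEM_CERT_ONLY = """\
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQ=
-----END CERTIFICATE-----
"""

PEM_LABEL = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def parse_records(text):
    """Return {name: value} for 'CONFIG name TYPE value' lines."""
    cfg = {}
    for line in text.splitlines():
        parts = line.split(None, 3)
        if len(parts) == 4 and parts[0] == "CONFIG":
            cfg[parts[1]] = parts[3].strip()
    return cfg

def pem_summary(pem_text):
    """Count certificates and private keys by PEM label; detect encrypted keys."""
    labels = PEM_LABEL.findall(pem_text)
    encrypted = ("ENCRYPTED PRIVATE KEY" in labels          # PKCS#8 encrypted key
                 or "Proc-Type: 4,ENCRYPTED" in pem_text)   # traditional OpenSSL header
    return {
        "certs": labels.count("CERTIFICATE"),
        "keys": sum(1 for label in labels if label.endswith("PRIVATE KEY")),
        "encrypted_key": encrypted,
    }

def audit(records_text, cert_pem_text):
    """List findings for the questions asked in the reply."""
    cfg, pem = parse_records(records_text), pem_summary(cert_pem_text)
    findings = []
    if cfg.get("proxy.config.ssl.SSLv2") == "1":
        findings.append("SSLv2 enabled")
    key_file = cfg.get("proxy.config.ssl.server.private_key.filename", "NULL")
    if key_file == "NULL" and pem["keys"] == 0:
        findings.append("no private key configured or bundled in cert file")
    if pem["encrypted_key"]:
        findings.append("private key is encrypted")
    return findings
```

Calling `audit(SAMPLE_RECORDS, SAMPLE_PEM_CERT_ONLY)` reports the SSLv2 setting and the missing key; pass the real contents of records.config and server.pem to check an actual deployment.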
