Hello all,
We recently experienced an issue in which our ATS instances got into a bad
state and requests to origin servers over https began failing. The
traffic.out log file has many SSL Errors regarding a wrong cipher returned (see
below). Restarting traffic server resolved this issue. We have only seen this
a few times and are unable to reproduce it ourselves.
Has anyone experienced this?
In doing some research I uncovered several mentions of thread safety issues
with open SSL that that could lead to this type of error. However, we've been
unable to pin point an open SSL patch that gives us high degree of confidence
that upgrading our open SSL fixes this and since it doesn't happen often and we
can't reproduce it, there isn't a way to verify the bug is gone.
traffic.out Log Snippet:
[Aug 6 14:38:02.261] Server {1103939904} ERROR: SSL::9:error:14092105:SSL
routines:SSL3_GET_SERVER_HELLO:wrong cipher returned:s3_clnt.c:744:
[Aug 6 14:38:02.263] Server {1103939904} ERROR: SSL ERROR:
sslClientHandShakeEvent.
Error.log snippet (with our IP's, host and paths removed):
20120806.13h07m22s CONNECT:[1] could not connect [CONNECTION_ERROR] to <insert
IP here> for 'https://<<https://<host>insert host and path>'
20120806.13h07m22s CONNECT:[2] could not connect [CONNECTION_ERROR] to <insert
IP here> for 'https://<<https://<host>insert host and path>'
20120806.13h07m22s RESPONSE: sent 0.0.0.0 status 502 (Connect Error
<Success/0>) for 'https://<<https://<host>insert host and path>'
