In case anyone else experiences this on RHEL 5, we updated our OpenSSL library to the latest and so far haven't seen this issue again.
Pete Walsh Software Engineer 206-664-4150 From: users-return-1966-Peter.Walsh=disney....@trafficserver.apache.org [mailto:users-return-1966-Peter.Walsh=disney....@trafficserver.apache.org] On Behalf Of Walsh, Peter Sent: Tuesday, August 07, 2012 1:35 PM To: [email protected] Subject: SSL Error on RHEL 5, wrong cipher returned Hello all, We recently experienced an issue in which our ATS instances got into a bad state and requests to origin servers over https began failing. The traffic.out log file has many SSL Errors regarding a wrong cipher returned (see below). Restarting traffic server resolved this issue. We have only seen this a few times and are unable to reproduce it ourselves. Has anyone experienced this? In doing some research I uncovered several mentions of thread safety issues with open SSL that that could lead to this type of error. However, we've been unable to pin point an open SSL patch that gives us high degree of confidence that upgrading our open SSL fixes this and since it doesn't happen often and we can't reproduce it, there isn't a way to verify the bug is gone. traffic.out Log Snippet: [Aug 6 14:38:02.261] Server {1103939904} ERROR: SSL::9:error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned:s3_clnt.c:744: [Aug 6 14:38:02.263] Server {1103939904} ERROR: SSL ERROR: sslClientHandShakeEvent. Error.log snippet (with our IP's, host and paths removed): 20120806.13h07m22s CONNECT:[1] could not connect [CONNECTION_ERROR] to <insert IP here> for 'https://<<https://%3chost>insert host and path>' 20120806.13h07m22s CONNECT:[2] could not connect [CONNECTION_ERROR] to <insert IP here> for 'https://<<https://%3chost>insert host and path>' 20120806.13h07m22s RESPONSE: sent 0.0.0.0 status 502 (Connect Error <Success/0>) for 'https://<<https://%3chost>insert host and path>'
