On 07.08.2013 05:45, Leif Hedstrom wrote:
> On Aug 7, 2013, at 1:54 AM, Reindl Harald <[email protected]> wrote:
>
>> anybody an idea what's wrong here?
>> see errors from "traffic.out" below
>> trafficserver-3.2.5-3.fc19.20130803.rh.x86_64
>>
>> finally i want play around with having apache only on 127.0.0.1
>> without mod_ssl and trafficserver making the ssl-termination, in
>> the first step ip-based like httpd and if possible finally with
>> SNI for more than one vhost, well but i do not get the basics work
>>
>> Firefox:
>> An error occurred during a connection to rhsoft.testserver.
>> Cannot communicate securely with peer: no common encryption algorithm(s).
>> (Error code: ssl_error_no_cypher_overlap)
>
> I've typically seen these types of errors if no certificates are loaded.

and that is why i posted the used config snippet because i am trying
this the first time, the documentation is poor (cipher params) and
there are several bugreports stating this behavior without SNI but
they should be fixed in the recent version

on the other hand the docs do not state how to configure ATS for SNI
nor how do you configure *different* domains with different certificates
and different IP's aka ip-based vhost

what i try to figure out is what config would be needed if we decide
sooner or later ATS in front of SSL websites and if it is possible
giving the ATS machine the ip-addresses of the sites in question and
let it connect unencrypted to the origin server which would stay
with a single IP from this moment

BTW: the certificate has the same permissions as any other ATS config

> Maybe check your logs

there is nothing except the whining of read-only /etc
