On Aug 6, 2013, at 4:54 PM, Reindl Harald <[email protected]> wrote:
> Hi > > anybody an idea what's wrong here? > see errors from "traffic.out" blow > trafficserver-3.2.5-3.fc19.20130803.rh.x86_64 > > finally i want paly around with having apache only on 127.0.0.1 > without mod_ssl and trafficserver making the ssl-termination, in > the first step ip-based like httpd and if possible finally with > SNI for more than one vhost, well but i do not get the basics work > > Firefox: > An error occurred during a connection to rhsoft.testserver. > Cannot communicate securely with peer: no common encryption algorithm(s). > (Error code: ssl_error_no_cypher_overlap) > ________________________________________________ > > CONFIG proxy.config.ssl.enabled INT 1 > CONFIG proxy.config.ssl.server_port INT 443 > CONFIG proxy.config.ssl.SSLv2 INT 0 > CONFIG proxy.config.ssl.SSLv3 INT 1 > CONFIG proxy.config.ssl.TLSv1 INT 1 > CONFIG proxy.config.ssl.compression INT 0 > CONFIG proxy.config.ssl.server.cipher_suite STRING > ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM:!SSLV2:!eNUL > CONFIG proxy.config.ssl.client.certification_level INT 0 > CONFIG proxy.config.ssl.server.cert.filename STRING testserver.rhsoft.net.pem > CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver/ssl > CONFIG proxy.config.ssl.server.private_key.filename STRING > testserver.rhsoft.net.pem > CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver/ssl https://cwiki.apache.org/confluence/display/TS/Upgrading+to+v3.2 records.config should be: CONFIG proxy.config.http.server_ports ssl:443 Then in ssl_multicert.config: ssl_cert_name=testserver.rhsoft.net.pem Sorry about the misleading admin documentation, I'll try to update it for the 3.4 release ... > ________________________________________________ > > [Aug 7 01:49:01.962] Server {0x2aaab5e01700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:01.962] Server {0x2aaab5e01700} ERROR: > SSL::13:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:01.963] Server {0x2aaab5e01700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:01.963] Server {0x2aaab5e01700} ERROR: > SSL::13:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:01.985] Server {0x2aaab5f02700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:01.985] Server {0x2aaab5f02700} ERROR: > SSL::14:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:01.985] Server {0x2aaab5f02700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:01.985] Server {0x2aaab5f02700} ERROR: > SSL::14:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:03.487] Server {0x2aaab7100700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:03.488] Server {0x2aaab7100700} ERROR: > SSL::15:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:03.490] Server {0x2aaab7100700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:03.490] Server {0x2aaab7100700} ERROR: > SSL::15:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:03.491] Server {0x2aaab7201700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:03.491] Server {0x2aaab7201700} ERROR: > SSL::16:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > [Aug 7 01:49:03.491] Server {0x2aaab7201700} ERROR: SSL ERROR: > SSL_ServerHandShake. > [Aug 7 01:49:03.491] Server {0x2aaab7201700} ERROR: > SSL::16:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no > shared cipher:s3_srvr.c:1355: > >
