> On Oct 20, 2014, at 8:49 AM, Reindl Harald <[email protected]> wrote: > > HTTPD: SSL 2 handshake compatibility Yes > TS: SSL 2 handshake compatibility No >
We disabled SSLv2 by default on TS-787, Tue May 17 15:34:41 2011. > can that be the reason "ab -c 100 -n 100000" fails to a ATS? > keep in mind that don't mean sslv3 or even sslv2 are enabled! Not really sure about that, but should be easy to test when I get a minute. > > HTTPD: Heartbeat (extension) Yes > TS: Heartbeat (extension) No > > how does ATS that using the same openssl binaries? > "OPENSSL_NO_HEARTBEATS=1" as ENV don't disable it for httpd You need to set OPENSSL_NO_HEARTBEATS=1 at OpenSSL build time. I don't know why we would not be vulnerable to heartbleed with a vulnerable OpenSSL version. I poked around in OpenSSL and mod_ssl for a while and AFAICT heart beats are enabled by default. I didn't see any special knob that would turn it on. J
