Re: Deprecation of SSL v2/3

Sat, 16 Apr 2016 15:34:36 -0700 


Am 17.04.2016 um 00:24 schrieb Leif Hedstrom:



On Apr 16, 2016, at 11:16 AM, Reindl Harald <[email protected]> wrote:


Am 16.04.2016 um 18:46 schrieb Phil Sorber:

Ok, here is my final plan then. I am going to mark them all deprecated
for 6.2.x.


when you are at it fix the problem that ATS is the only TLS webserver out there which 
can't be benchmarked with "ab" reported by my *over years* multiple times while 
none of the httpd-servers with TLS have SSL2/SSL3 enabled becuas efrankly our openssl has 
no support für anything below TLS1.0 at all


I’m not sure what problem exactly you are pointing at here.  Is it a bug in ab? 
Is it a bug in your OpenSSL implementation?  Fwiw, I’ve never been able to 
reproduce this, e.g. this works just fine on CentOS7 (and I have SSL v2 and v3 
disabled, of course):

$ ab -c 5 -n 100 https://docs.trafficserver.apache.org/

Server Software:        ATS/6.2.0
Server Hostname:        docs.trafficserver.apache.org
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128

Document Path:          /
Document Length:        229 bytes

Concurrency Level:      5
Time taken for tests:   2.758 seconds
…

Looking at your error messages, it sounds like your ab is trying to use SSL v3, 
which (hopefully?) is disabled on your ATS box?



i *never* was able to benchmark my ATS box in the last 4 years and SSL 3 
is for sure disabled - as said: openssl on Fedora even don't support it 
any longer at all


i *never* had a problem to benchmark of any httpd box the last 13 years

so what gives you ab -c 5 -n 100 https://www.thelounge.net/ on your client?


[harry@srv-rhsoft:~]$ ab -c 5 -n 100 https://docs.trafficserver.apache.org/
This is ApacheBench, Version 2.3 <$Revision: 1706008 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking docs.trafficserver.apache.org (be patient)...^C

Server Software:        ATS/6.2.0
Server Hostname:        docs.trafficserver.apache.org
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
____________________________________

from a centos 7 machine the same problem

ab -c 5 -n 100 https://www.thelounge.net/

This is ApacheBench, Version 2.3 <$Revision: 1430300 $> 




Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ 




Licensed to The Apache Software Foundation, http://www.apache.org/ 







Benchmarking www.thelounge.net (be patient)...SSL handshake failed (1). 




139628279273248:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 
alert handshake failure:s23_clnt.c:744: 


SSL handshake failed (1).




Attachment:
signature.asc

Description: OpenPGP digital signature























					Reply via email to