> On Apr 16, 2016, at 4:38 PM, Leif Hedstrom <[email protected]> wrote: > >> >> On Apr 16, 2016, at 4:33 PM, Reindl Harald <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> >> Am 17.04.2016 um 00:24 schrieb Leif Hedstrom: >>> >>>> On Apr 16, 2016, at 11:16 AM, Reindl Harald <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> >>>> Am 16.04.2016 um 18:46 schrieb Phil Sorber: >>>>> Ok, here is my final plan then. I am going to mark them all deprecated >>>>> for 6.2.x. >>>> >>>> when you are at it fix the problem that ATS is the only TLS webserver out >>>> there which can't be benchmarked with "ab" reported by my *over years* >>>> multiple times while none of the httpd-servers with TLS have SSL2/SSL3 >>>> enabled becuas efrankly our openssl has no support für anything below >>>> TLS1.0 at all >>> >>> I’m not sure what problem exactly you are pointing at here. Is it a bug in >>> ab? Is it a bug in your OpenSSL implementation? Fwiw, I’ve never been able >>> to reproduce this, e.g. this works just fine on CentOS7 (and I have SSL v2 >>> and v3 disabled, of course): >>> >>> $ ab -c 5 -n 100 https://docs.trafficserver.apache.org/ >>> <https://docs.trafficserver.apache.org/> >>> >>> Server Software: ATS/6.2.0 >>> Server Hostname: docs.trafficserver.apache.org >>> <http://docs.trafficserver.apache.org/> >>> Server Port: 443 >>> SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128 >>> >>> Document Path: / >>> Document Length: 229 bytes >>> >>> Concurrency Level: 5 >>> Time taken for tests: 2.758 seconds >>> … >>> >>> Looking at your error messages, it sounds like your ab is trying to use SSL >>> v3, which (hopefully?) is disabled on your ATS box? >> >> i *never* was able to benchmark my ATS box in the last 4 years and SSL 3 is >> for sure disabled - as said: openssl on Fedora even don't support it any >> longer at all >> >> i *never* had a problem to benchmark of any httpd box the last 13 years >> >> so what gives you ab -c 5 -n 100 https://www.thelounge.net/ >> <https://www.thelounge.net/> on your client? > > It fails too from that CentOS7 box to your box. > >> >> >> [harry@srv-rhsoft:~]$ ab -c 5 -n 100 https://docs.trafficserver.apache.org/ >> <https://docs.trafficserver.apache.org/> >> This is ApacheBench, Version 2.3 <$Revision: 1706008 $> >> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ >> <http://www.zeustech.net/> >> Licensed to The Apache Software Foundation, http://www.apache.org/ >> <http://www.apache.org/> >> >> Benchmarking docs.trafficserver.apache.org >> <http://docs.trafficserver.apache.org/> (be patient)...^C >> >> Server Software: ATS/6.2.0 >> Server Hostname: docs.trafficserver.apache.org >> <http://docs.trafficserver.apache.org/> >> Server Port: 443 >> SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128 >
I did the same test against https://www.ogre.com/ as well, which also runs ATS 6.2, on Fedora 22 (stock OpenSSL). It does not reproduce your problem either :/. — leif
