Am 17.04.2016 um 01:26 schrieb Leif Hedstrom:
On Apr 16, 2016, at 4:56 PM, Reindl Harald <[email protected] <mailto:[email protected]>> wrote:Am 17.04.2016 um 00:52 schrieb Leif Hedstrom:On Apr 16, 2016, at 4:44 PM, Reindl Harald <[email protected] <mailto:[email protected]>> wrote: Am 17.04.2016 um 00:38 schrieb Leif Hedstrom:so what gives you ab -c 5 -n 100https://www.thelounge.net/on <http://www.thelounge.net/on> your client?It fails too from that CentOS7 box to your box.[harry@srv-rhsoft:~]$ ab -c 5 -n 100https://docs.trafficserver.apache.org/ <http://docs.trafficserver.apache.org/> This is ApacheBench, Version 2.3 <$Revision: 1706008 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd,http://www.zeustech.net/ Licensed to The Apache Software Foundation,http://www.apache.org/ Benchmarkingdocs.trafficserver.apache.org <http://benchmarkingdocs.trafficserver.apache.org> <http://docs.trafficserver.apache.org/>(be patient)...^C Server Software: ATS/6.2.0 Server Hostname: docs.trafficserver.apache.org <http://docs.trafficserver.apache.org/> Server Port: 443 SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128So it seems your ab works against this CentOS7 box running ATS v6.2.0 ?yesWhat version of OpenSSL did you build ATS with? I am running docs.trafficserver.a.o with OpenSSL v1.0.2g if I recall (latest stable release)seems not matter that much since i have this issue for years now and the httpd servers are built in the same environments with the same libraries and don't have that issueWonder if it could be one of those -f compiler flags? I’m attaching my config.nice that I run on docs.trafficserver, this compiles with ASAN though, so you likely want to remove that at least (if you are willing to try).i will give it a try ASAP, however the whole web and mail stack is built with that flags (based on the flags below which are %{optflags} and only ATS has the specific problemYeah, it seems odd that it’d break like that because of compiler flags. But I honestly have no other ideas as to why it breaks on your system, and not mine :-/. Can anyone else confirm or deny this breakage on their installs?
just a notice again before i try to build with other flags _____________________________________________ https://www.ssllabs.com/ssltest/ docs.trafficserver.apache.org: SSL 2 handshake compatibility Yes www.thelounge.net: SSL 2 handshake compatibility No _____________________________________________ CONFIG proxy.config.ssl.SSLv2 INT 0 CONFIG proxy.config.ssl.SSLv3 INT 0 CONFIG proxy.config.ssl.TLSv1 INT 1 CONFIG proxy.config.ssl.TLSv1_1 INT 1 CONFIG proxy.config.ssl.TLSv1_2 INT 1 CONFIG proxy.config.ssl.client.certification_level INT 0CONFIG proxy.config.ssl.server.multicert.filename STRING ssl_multicert.config
CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver/ssl/CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver/ssl/
CONFIG proxy.config.ssl.CA.cert.path STRING /etc/trafficserver/ssl/CONFIG proxy.config.ssl.server.cipher_suite STRING ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECD$
CONFIG proxy.config.ssl.server.honor_cipher_order INT 1CONFIG proxy.config.ssl.server.dhparams_file STRING /etc/trafficserver/ssl/dhparams.pem
signature.asc
Description: OpenPGP digital signature
