Huh. That doesn't seem right, I'll take a look in a bit. Thanks! -- Leif
> On Apr 25, 2016, at 3:33 AM, Reindl Harald <[email protected]> wrote: > > > Am 17.04.2016 um 01:26 schrieb Leif Hedstrom: >>> On Apr 16, 2016, at 4:56 PM, Reindl Harald <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Am 17.04.2016 um 00:52 schrieb Leif Hedstrom: >>>>> On Apr 16, 2016, at 4:44 PM, Reindl Harald <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> Am 17.04.2016 um 00:38 schrieb Leif Hedstrom: >>>>>>> so what gives you ab -c 5 -n 100https://www.thelounge.net/on >>>>>>> <http://www.thelounge.net/on> your client? >>>>>> >>>>>> It fails too from that CentOS7 box to your box. >>>>>>> >>>>>>> [harry@srv-rhsoft:~]$ ab -c 5 -n >>>>>>> 100https://docs.trafficserver.apache.org/ >>>>>>> <http://docs.trafficserver.apache.org/> >>>>>>> This is ApacheBench, Version 2.3 <$Revision: 1706008 $> >>>>>>> Copyright 1996 Adam Twiss, Zeus Technology >>>>>>> Ltd,http://www.zeustech.net/ >>>>>>> Licensed to The Apache Software Foundation,http://www.apache.org/ >>>>>>> >>>>>>> Benchmarkingdocs.trafficserver.apache.org >>>>>>> <http://benchmarkingdocs.trafficserver.apache.org> >>>>>>> <http://docs.trafficserver.apache.org/>(be patient)...^C >>>>>>> >>>>>>> Server Software: ATS/6.2.0 >>>>>>> Server Hostname: docs.trafficserver.apache.org >>>>>>> <http://docs.trafficserver.apache.org/> >>>>>>> Server Port: 443 >>>>>>> SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128 >>>>>> >>>>>> So it seems your ab works against this CentOS7 box running ATS v6.2.0 ? >>>>> >>>>> yes >>>>> >>>>>> What version of OpenSSL did you build ATS with? I am running >>>>>> docs.trafficserver.a.o with OpenSSL v1.0.2g if I recall (latest stable >>>>>> release) >>>>> >>>>> seems not matter that much since i have this issue for years now and >>>>> the httpd servers are built in the same environments with the same >>>>> libraries and don't have that issue >>>> >>>> Wonder if it could be one of those -f compiler flags? I’m attaching >>>> my config.nice that I run on docs.trafficserver, this compiles with >>>> ASAN though, so you likely want to remove that at least (if you are >>>> willing to try). >>> >>> i will give it a try ASAP, however the whole web and mail stack is >>> built with that flags (based on the flags below which are %{optflags} >>> and only ATS has the specific problem >> >> Yeah, it seems odd that it’d break like that because of compiler flags. >> But I honestly have no other ideas as to why it breaks on your system, >> and not mine :-/. Can anyone else confirm or deny this breakage on their >> installs? > > just a notice again before i try to build with other flags > _____________________________________________ > > https://www.ssllabs.com/ssltest/ > > docs.trafficserver.apache.org: > SSL 2 handshake compatibility Yes > > www.thelounge.net: > SSL 2 handshake compatibility No > _____________________________________________ > > CONFIG proxy.config.ssl.SSLv2 INT 0 > CONFIG proxy.config.ssl.SSLv3 INT 0 > CONFIG proxy.config.ssl.TLSv1 INT 1 > CONFIG proxy.config.ssl.TLSv1_1 INT 1 > CONFIG proxy.config.ssl.TLSv1_2 INT 1 > CONFIG proxy.config.ssl.client.certification_level INT 0 > CONFIG proxy.config.ssl.server.multicert.filename STRING ssl_multicert.config > CONFIG proxy.config.ssl.server.cert.path STRING /etc/trafficserver/ssl/ > CONFIG proxy.config.ssl.server.private_key.path STRING /etc/trafficserver/ssl/ > CONFIG proxy.config.ssl.CA.cert.path STRING /etc/trafficserver/ssl/ > CONFIG proxy.config.ssl.server.cipher_suite STRING > ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECD$ > CONFIG proxy.config.ssl.server.honor_cipher_order INT 1 > CONFIG proxy.config.ssl.server.dhparams_file STRING > /etc/trafficserver/ssl/dhparams.pem >
