> On Apr 25, 2016, at 4:47 AM, Reindl Harald <[email protected]> wrote: > > > > Am 25.04.2016 um 11:33 schrieb Reindl Harald: >> >> Am 17.04.2016 um 01:26 schrieb Leif Hedstrom: >>>> On Apr 16, 2016, at 4:56 PM, Reindl Harald <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Am 17.04.2016 um 00:52 schrieb Leif Hedstrom: >>>>>> On Apr 16, 2016, at 4:44 PM, Reindl Harald <[email protected] >>>>>> <mailto:[email protected]>> wrote: >>>>>> >>>>>> Am 17.04.2016 um 00:38 schrieb Leif Hedstrom: >>>>>>>> so what gives you ab -c 5 -n 100https://www.thelounge.net/on >>>>>>>> <http://www.thelounge.net/on> your client? >>>>>>> >>>>>>> It fails too from that CentOS7 box to your box. >>>>>>>> >>>>>>>> [harry@srv-rhsoft:~]$ ab -c 5 -n >>>>>>>> 100https://docs.trafficserver.apache.org/ >>>>>>>> <http://docs.trafficserver.apache.org/> >>>>>>>> This is ApacheBench, Version 2.3 <$Revision: 1706008 $> >>>>>>>> Copyright 1996 Adam Twiss, Zeus Technology >>>>>>>> Ltd,http://www.zeustech.net/ >>>>>>>> Licensed to The Apache Software Foundation,http://www.apache.org/ >>>>>>>> >>>>>>>> Benchmarkingdocs.trafficserver.apache.org >>>>>>>> <http://benchmarkingdocs.trafficserver.apache.org> >>>>>>>> <http://docs.trafficserver.apache.org/>(be patient)...^C >>>>>>>> >>>>>>>> Server Software: ATS/6.2.0 >>>>>>>> Server Hostname: docs.trafficserver.apache.org >>>>>>>> <http://docs.trafficserver.apache.org/> >>>>>>>> Server Port: 443 >>>>>>>> SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128 >>>>>>> >>>>>>> So it seems your ab works against this CentOS7 box running ATS >>>>>>> v6.2.0 ? >>>>>> >>>>>> yes >>>>>> >>>>>>> What version of OpenSSL did you build ATS with? I am running >>>>>>> docs.trafficserver.a.o with OpenSSL v1.0.2g if I recall (latest >>>>>>> stable >>>>>>> release) >>>>>> >>>>>> seems not matter that much since i have this issue for years now and >>>>>> the httpd servers are built in the same environments with the same >>>>>> libraries and don't have that issue >>>>> >>>>> Wonder if it could be one of those -f compiler flags? I’m attaching >>>>> my config.nice that I run on docs.trafficserver, this compiles with >>>>> ASAN though, so you likely want to remove that at least (if you are >>>>> willing to try). >>>> >>>> i will give it a try ASAP, however the whole web and mail stack is >>>> built with that flags (based on the flags below which are %{optflags} >>>> and only ATS has the specific problem >>> >>> Yeah, it seems odd that it’d break like that because of compiler flags. >>> But I honestly have no other ideas as to why it breaks on your system, >>> and not mine :-/. Can anyone else confirm or deny this breakage on their >>> installs? >> >> just a notice again before i try to build with other flags >> _____________________________________________ >> >> https://www.ssllabs.com/ssltest/ >> >> docs.trafficserver.apache.org: >> SSL 2 handshake compatibility Yes >> >> www.thelounge.net: >> SSL 2 handshake compatibility No
Double checked the docs.trafficserver configs: [root@docs ~]# traffic_ctl config match proxy.config.ssl.SSLv proxy.config.ssl.SSLv2: 0 proxy.config.ssl.SSLv3: 0 I have no idea what this means, is there something in here that makes it properly detect that we handle V2, but do not negotiate it? — Leif
