On 25.04.2016 at 15:54, Leif Hedstrom wrote:
On Apr 25, 2016, at 4:47 AM, Reindl Harald <[email protected]> wrote:
i will give it a try ASAP, however the whole web and mail stack is built with that flags (based on the flags below which are %{optflags} and only ATS has the specific problem
Yeah, it seems odd that it’d break like that because of compiler flags. But I honestly have no other ideas as to why it breaks on your system, and not mine :-/. Can anyone else confirm or deny this breakage on their installs?
just a notice again before i try to build with other flags
_____________________________________________
https://www.ssllabs.com/ssltest/
docs.trafficserver.apache.org: SSL 2 handshake compatibility Yes
www.thelounge.net: SSL 2 handshake compatibility No
Double checked the docs.trafficserver configs:
[root@docs ~]# traffic_ctl config match proxy.config.ssl.SSLv
proxy.config.ssl.SSLv2: 0
proxy.config.ssl.SSLv3: 0
I have no idea what this means, is there something in here that makes it properly detect that we handle V2, but do not negotiate it?
i have both at the same value
since i am not the TLS internals guru i can't say what goes wrong and where, my httpd servers have "SSL 2 handshake compatibility Yes" and my ATS servers never had
but that pretty sure explains "140575331768288:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769" which doesn't happen to my other servers
given that this is for years now, doesn't happen on identical virtual machine clones running httpd instead of ATS, for me ATS is guilty and not any other piece in the stack
not sure what "s23_clnt.c:769" means since there is no "s23_clnt.c" in the httpd source tarball from which "ab" at the end is built
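
An added example, not part of the original message or of any project's code: a decoder for the OpenSSL 1.0.x error line quoted above, splitting the packed code 14077410 into library, function and reason and mapping SSL reason codes of 1000 and above to the TLS alert received from the peer. The function name `decode_openssl_error` and the shortened alert table are this example's own.

```python
import re

# OpenSSL 1.0.x packs an error as ERR_PACK(lib, func, reason):
# bits 31-24 = library, bits 23-12 = function, bits 11-0 = reason.
ERR_LIB_SSL = 20             # 0x14, the "SSL routines" library
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are 1000 + TLS alert number

# Subset of TLS alert descriptions (RFC 5246, section 7.2), enough for the example.
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 47: "illegal_parameter", 48: "unknown_ca",
    70: "protocol_version", 80: "internal_error",
}

# Layout written by ERR_print_errors(): tid:error:code:lib:func:reason:file:line
LINE_RE = re.compile(
    r"^(?P<tid>\d+):error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]+):(?P<line>\d+)"
)

def decode_openssl_error(text):
    """Split one OpenSSL 1.0.x error line into its packed and textual fields."""
    m = LINE_RE.match(text.strip())
    if m is None:
        raise ValueError("not an OpenSSL error line")
    code = int(m["code"], 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # alert sent by the peer
    return {
        "lib": lib, "func": func, "reason": reason,
        "func_name": m["func"], "reason_text": m["reason"],
        "source": f'{m["file"]}:{m["line"]}',  # file inside the OpenSSL tree
        "peer_alert": alert,
        "peer_alert_name": TLS_ALERTS.get(alert),
    }

# The error line quoted in the message above.
SAMPLE = ("140575331768288:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:"
          "sslv3 alert handshake failure:s23_clnt.c:769")

if __name__ == "__main__":
    for key, value in decode_openssl_error(SAMPLE).items():
        print(f"{key:16} {value}")
```

For the quoted line the decoded alert is 40 (handshake_failure): the server sent it, and the client-side function SSL23_GET_SERVER_HELLO in OpenSSL's own ssl/s23_clnt.c reported it.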
