I'm trying to connect an older proprietary system running on CentOS 5.8 to
an internal CDN running ATS 5.3.2 via https. Somehow I can connect to a
bunch of different sites, but not to ATS.

I don't know much about SSL, but I can't get past the initial handshake, which
is saying there are "no shared ciphers".

I've done what's not recommended: I enabled SSLv2/v3 (to try) and
removed the "!SSLv2" from the cipher list. I even tried using "ALL" in the
ciphers list, but nothing worked.

RC4-SHA is included in the ciphers list when I start Traffic Server.

Curl shows:

* Connected to x.x.x.x (x.x.x.x) port 443
* successfully set certificate verify locations:
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
  CApath: none
* SSLv2, Client hello (1):
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
* Closing connection #0
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure


The traffic.out log shows:

[Jul 22 12:52:18.902] Server {0x2b2f44504700} DEBUG: (ssl.error.accept) SSL accept returned -1, ssl_error=1, ERR_get_error=336109761 (error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher)
[Jul 22 12:52:18.902] Server {0x2b2f44504700} DEBUG: (ssl) SSL::47482009569024:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher:s3_srvr.c:1352: peer address is 192.168.49.249
[Jul 22 12:52:18.902] Server {0x2b2f44504700} DEBUG: <SSLNetVConnection.cc:972 (sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1), errno=0
[Jul 22 12:52:18.902] Server {0x2b2f44504700} DEBUG: <SSLNetVConnection.cc:1088 (sslServerHandShakeEvent)> (ssl) SSLNetVConnection::sslServerHandShakeEvent, SSL_ERROR_SSL


Other sites I can connect to (curl -v):

* SSLv2, Client hello (1):
SSLv3, TLS handshake, Server hello (2):
SSLv3, TLS handshake, CERT (11):
SSLv3, TLS handshake, Server finished (14):
SSLv3, TLS handshake, Client key exchange (16):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSLv3, TLS change cipher, Client hello (1):
SSLv3, TLS handshake, Finished (20):
SSL connection using RC4-SHA


Would appreciate some initial pointers on what I should be looking for.


Thanks,


Steve
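
Added example, not part of the original post: a decoder for the two OpenSSL error codes quoted above, assuming the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason). It shows that curl's 14077410 is only the handshake_failure alert relayed from the server, while 1408A0C1 in traffic.out is the error raised on the server itself; `decode_line` and the sample lines are constructed for illustration.

```python
import re

# OpenSSL before 3.0 packs an error code as lib (8 bits) | func (12) | reason (12).
SSL_AD_REASON_OFFSET = 1000  # reasons >= 1000 mean "alert received from peer"
ALERT_NAMES = {40: "handshake_failure", 70: "protocol_version",
               71: "insufficient_security"}

# Constructed sample: the two error lines quoted in the post, unwrapped.
SAMPLE = [
    "curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:"
    "sslv3 alert handshake failure",
    "DEBUG: (ssl.error.accept) SSL accept returned -1, ssl_error=1, "
    "ERR_get_error=336109761 (error:1408A0C1:SSL routines:"
    "SSL3_GET_CLIENT_HELLO:no shared cipher)",
]

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^):]+)")
DEC_RE = re.compile(r"ERR_get_error=(\d+)")


def decode_line(line):
    """Decode the first OpenSSL error string in a log line, or return None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    reason = code & 0xFFF
    alert = reason - SSL_AD_REASON_OFFSET if reason >= SSL_AD_REASON_OFFSET else None
    dec = DEC_RE.search(line)
    return {
        "lib": (code >> 24) & 0xFF,
        "func": (code >> 12) & 0xFFF,
        "reason": reason,
        "func_name": m.group(3),
        "text": m.group(4).strip(),
        # True/False when the line also carries the decimal form, else None.
        "decimal_matches": None if dec is None else int(dec.group(1)) == code,
        # Name of the alert the peer sent, or None for a locally raised error.
        "peer_alert": None if alert is None else ALERT_NAMES.get(alert, str(alert)),
    }


if __name__ == "__main__":
    for line in SAMPLE:
        d = decode_line(line)
        origin = "alert sent by peer" if d["peer_alert"] else "raised locally"
        print(f'{d["func_name"]}: {d["text"]} ({origin})')
```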
