You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@trafficserver.apache.org by "Marcus Clyne (JIRA)" <ji...@apache.org> on 2010/03/24 16:37:27 UTC
[jira] Created: (TS-274) SSL Handshake not work properly
SSL Handshake not work properly
-------------------------------
Key: TS-274
URL: https://issues.apache.org/jira/browse/TS-274
Project: Traffic Server
Issue Type: Bug
Affects Versions: 2.1.0, 2.0.1
Environment: Debian, Linux 2.6.18 32-bit
Reporter: Marcus Clyne
Fix For: 2.1.0, 2.0.1
Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -x $ip:443 http://google.com/`.
The issue appears on the latest trunk version and the 2.0.x branch as of today.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (TS-274) SSL Handshake not work properly
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-274:
-----------------------------
Affects Version/s: (was: 2.0.1)
2.0.0a
Fix Version/s: (was: 2.0.1)
(was: 2.1.0)
2.0.0
> SSL Handshake not work properly
> -------------------------------
>
> Key: TS-274
> URL: https://issues.apache.org/jira/browse/TS-274
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.0, 2.0.0a
> Environment: Debian, Linux 2.6.18 32-bit
> Reporter: Marcus Clyne
> Fix For: 2.0.0
>
>
> Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC name) tested in reverse proxy mode, and reverse proxy mode worked only in the 2.0.x but not trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (TS-274) SSL Handshake not work properly
Posted by "Marcus Clyne (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcus Clyne updated TS-274:
----------------------------
Description:
Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
The issue appears on the latest trunk version and the 2.0.x branch as of today.
was:
Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -x $ip:443 http://google.com/`.
The issue appears on the latest trunk version and the 2.0.x branch as of today.
> SSL Handshake not work properly
> -------------------------------
>
> Key: TS-274
> URL: https://issues.apache.org/jira/browse/TS-274
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.0, 2.0.1
> Environment: Debian, Linux 2.6.18 32-bit
> Reporter: Marcus Clyne
> Fix For: 2.1.0, 2.0.1
>
>
> Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of today.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (TS-274) SSL Handshake not work properly
Posted by "Marcus Clyne (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Marcus Clyne updated TS-274:
----------------------------
Description:
Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
The issue appears on the latest trunk version and the 2.0.x branch as of today when used in forward proxy mode.
I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC name) tested in reverse proxy mode, and reverse proxy mode worked only in the 2.0.x but not trunk.
was:
Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
The issue appears on the latest trunk version and the 2.0.x branch as of today.
> SSL Handshake not work properly
> -------------------------------
>
> Key: TS-274
> URL: https://issues.apache.org/jira/browse/TS-274
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.0, 2.0.1
> Environment: Debian, Linux 2.6.18 32-bit
> Reporter: Marcus Clyne
> Fix For: 2.1.0, 2.0.1
>
>
> Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC name) tested in reverse proxy mode, and reverse proxy mode worked only in the 2.0.x but not trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (TS-274) SSL Handshake not work properly
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leif Hedstrom updated TS-274:
-----------------------------
Fix Version/s: (was: 2.0.0)
2.1.0
> SSL Handshake not work properly
> -------------------------------
>
> Key: TS-274
> URL: https://issues.apache.org/jira/browse/TS-274
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.0, 2.0.0a
> Environment: Debian, Linux 2.6.18 32-bit
> Reporter: Marcus Clyne
> Fix For: 2.1.0
>
>
> Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC name) tested in reverse proxy mode, and reverse proxy mode worked only in the 2.0.x but not trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-274) SSL Handshake not work properly
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12849801#action_12849801 ]
Leif Hedstrom commented on TS-274:
----------------------------------
Unfortunately, we currently do not support this feature, VJ and I was looking at it, and he found the section in the docs that talks about it:
(11:38:52 AM) Vijay: http://incubator.apache.org/trafficserver/docs/v2/admin/secure.htm#UsingSSLTermination
(11:38:59 AM) Vijay: The Traffic Server SSL termination option enables you to secure connections in reverse proxy mode between a client and a Traffic Server and/or Traffic Server and an origin server.
So, for now, we'll only support HTTPS in reverse proxy mode. I'll move this bug out into the 2.2.0 timeframe, but not promises that we'll get to it. Volunteers looking to add the support for this are much welcome (VJ thinks it'd be pretty easy, but nested deeply in the code).
> SSL Handshake not work properly
> -------------------------------
>
> Key: TS-274
> URL: https://issues.apache.org/jira/browse/TS-274
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.0, 2.0.0a
> Environment: Debian, Linux 2.6.18 32-bit
> Reporter: Marcus Clyne
> Fix For: 2.0.0
>
>
> Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC name) tested in reverse proxy mode, and reverse proxy mode worked only in the 2.0.x but not trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (TS-274) SSL Handshake not work properly
Posted by "Leif Hedstrom (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12849260#action_12849260 ]
Leif Hedstrom commented on TS-274:
----------------------------------
I've confirmed the same problem with both 2.0.x and trunk builds, with forward proxying requests.
The only thing I managed to get to work was reverse proxying HTTPS with 2.0.x, I filed a separate bug on this issue against trunk.
> SSL Handshake not work properly
> -------------------------------
>
> Key: TS-274
> URL: https://issues.apache.org/jira/browse/TS-274
> Project: Traffic Server
> Issue Type: Bug
> Affects Versions: 2.1.0, 2.0.1
> Environment: Debian, Linux 2.6.18 32-bit
> Reporter: Marcus Clyne
> Fix For: 2.1.0, 2.0.1
>
>
> Using self-signed SSL certificates, which are in the correct paths under $prefix, and giving no startup errors, I get the following error when making a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect to the server, the second is from using `curl -k -x $ip:443 http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC name) tested in reverse proxy mode, and reverse proxy mode worked only in the 2.0.x but not trunk.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.