Posted to issues@trafficserver.apache.org by GitBox <gi...@apache.org> on 2022/06/29 07:22:15 UTC

[GitHub] [trafficserver] frostnotfall opened a new issue, #8929: "Invalid client cipher suite" with default setting

frostnotfall opened a new issue, #8929:
URL: https://github.com/apache/trafficserver/issues/8929

   I just installed trafficserver from EPEL7.
   
   And I followed the document "Get started -> Configuring A Reverse Proxy" without https, because it is just for testing.
   
   Then I got "invalid client cipher suite", but I didn't change any ssl settings.
   
   Here is the full log:
   ```
   [Jun 29 15:12:47.648] traffic_server STATUS: opened /var/log/trafficserver/diags.log
   [Jun 29 15:12:47.648] traffic_server NOTE: updated diags config
   [Jun 29 15:12:47.695] traffic_server NOTE: storage.config loading ...
   [Jun 29 15:12:47.697] traffic_server NOTE: storage.config finished loading
   [Jun 29 15:12:47.730] traffic_server NOTE: ip_allow.yaml loading ...
   [Jun 29 15:12:47.732] traffic_server NOTE: ip_allow.yaml finished loading
   [Jun 29 15:12:47.733] traffic_server NOTE: parent.config loading ...
   [Jun 29 15:12:47.733] traffic_server NOTE: parent.config finished loading
   [Jun 29 15:12:47.734] traffic_server NOTE: /etc/trafficserver/logging.yaml loading ...
   [Jun 29 15:12:47.735] traffic_server NOTE: /etc/trafficserver/logging.yaml finished loading
   [Jun 29 15:12:47.737] traffic_server NOTE: logging initialized[3], logging_mode = 3
   [Jun 29 15:12:47.737] traffic_server NOTE: Initialized plugin_dynamic_reload_mode: 1
   [Jun 29 15:12:47.737] traffic_server NOTE: plugin.config loading ...
   [Jun 29 15:12:47.738] traffic_server NOTE: plugin.config finished loading
   [Jun 29 15:12:47.741] traffic_server ERROR: SSL::139969208883328:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383
   [Jun 29 15:12:47.741] traffic_server ERROR: invalid client cipher suite in records.config
   ```
   
   Here is the build info:  (traffic_server -V)
   ```
   Traffic Server 9.1.2 Jun 15 2022 15:39:22 buildvm-x86-03.iad2.fedoraproject.org
   traffic_server: using root directory '/usr'
   Apache Traffic Server - traffic_server - 9.1.2 - (build # 061515 on Jun 15 2022 at 15:39:22)
   ```
   
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscribe@trafficserver.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [trafficserver] frostnotfall commented on issue #8929: "Invalid client cipher suite" with default setting

Posted by GitBox <gi...@apache.org>.
frostnotfall commented on issue #8929:
URL: https://github.com/apache/trafficserver/issues/8929#issuecomment-1183197067

   > @frostnotfall This should be fixed in trafficserver-9.1.2-9 which will be in epel-testing in the next few hours. (I am not sure why the build hasn't pushed to the update system yet. You can watch for it here: https://bodhi.fedoraproject.org/updates/?search=trafficserver)
   > 
   > Once it's pushed you can give it a try with: `yum install trafficserver --enablerepo=epel-testing`
   > 
   > This will push to stable in 7 days (unless it gets karma from testing beforehand).
   
   Thanks a lot, sorry for the late reply, already reported on EPEL.




[GitHub] [trafficserver] jeredfloyd commented on issue #8929: "Invalid client cipher suite" with default setting

Posted by GitBox <gi...@apache.org>.
jeredfloyd commented on issue #8929:
URL: https://github.com/apache/trafficserver/issues/8929#issuecomment-1181709955

   @frostnotfall This should be fixed in trafficserver-9.1.2-9 which will be in epel-testing in the next few hours.  (I am not sure why the build hasn't pushed to the update system yet.  You can watch for it here: https://bodhi.fedoraproject.org/updates/?search=trafficserver)
   
   Once it's pushed you can give it a try with:
    `yum install trafficserver --enablerepo=epel-testing`
   
   This will push to stable in 7 days (unless it gets karma from testing beforehand).




[GitHub] [trafficserver] jeredfloyd commented on issue #8929: "Invalid client cipher suite" with default setting

Posted by GitBox <gi...@apache.org>.
jeredfloyd commented on issue #8929:
URL: https://github.com/apache/trafficserver/issues/8929#issuecomment-1179907899

   This is a bug in my packaging for EPEL; please report it here:
   https://bugzilla.redhat.com/buglist.cgi?bug_status=NEW&bug_status=ASSIGNED&classification=Fedora&component=trafficserver&product=Fedora&product=Fedora%20EPEL




[GitHub] [trafficserver] jeredfloyd commented on issue #8929: "Invalid client cipher suite" with default setting

Posted by GitBox <gi...@apache.org>.
jeredfloyd commented on issue #8929:
URL: https://github.com/apache/trafficserver/issues/8929#issuecomment-1179913587

   (Also please assign this bug to me.)




[GitHub] [trafficserver] frostnotfall closed issue #8929: "Invalid client cipher suite" with default setting

Posted by GitBox <gi...@apache.org>.
frostnotfall closed issue #8929: "Invalid client cipher suite" with default setting
URL: https://github.com/apache/trafficserver/issues/8929




[GitHub] [trafficserver] jeredfloyd commented on issue #8929: "Invalid client cipher suite" with default setting

Posted by GitBox <gi...@apache.org>.
jeredfloyd commented on issue #8929:
URL: https://github.com/apache/trafficserver/issues/8929#issuecomment-1179917841

   As a workaround, please add this to records.config:
   `CONFIG proxy.config.ssl.client.cipher_suite STRING ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-AES256-CCM:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-ARIA256-GCM-SHA384:ECDHE-ARIA256-GCM-SHA384:DHE-DSS-ARIA256-GCM-SHA384:DHE-RSA-ARIA256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA256:ECDHE-ECDSA-CAMELLIA256-SHA384:ECDHE-RSA-CAMELLIA256-SHA384:DHE-RSA-CAMELLIA256-SHA256:DHE-DSS-CAMELLIA256-SHA256:RSA-PSK-AES256-GCM-SHA384:RSA-PSK-CHACHA20-POLY1305:RSA-PSK-ARIA256-GCM-SHA384:AES256-GCM-SHA384:AES256-CCM8:AES256-CCM:ARIA256-GCM-SHA384:AES256-SHA256:CAMELLIA256-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM8:ECDHE-ECDSA-AES128-CCM:DHE-RSA-AES128-CCM8:DHE-RSA-AES128-CCM:ECDHE-ECDSA-ARIA128-GCM-SHA256:ECDHE-ARIA128-GCM-SHA256:DHE-DSS-ARIA128-GCM-SHA256:DHE-RSA-ARIA128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES128-SHA256:ECDHE-ECDSA-CAMELLIA128-SHA256:ECDHE-RSA-CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:DHE-DSS-CAMELLIA128-SHA256:RSA-PSK-AES128-GCM-SHA256:RSA-PSK-ARIA128-GCM-SHA256:AES128-GCM-SHA256:AES128-CCM8:AES128-CCM:ARIA128-GCM-SHA256:AES128-SHA256:CAMELLIA128-SHA256`
   


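An added example, not part of the original thread or of Traffic Server: a Python check that reads a `proxy.config.ssl.client.cipher_suite` line like the workaround above and asks the local OpenSSL which cipher names it can select, reproducing the "no cipher match" condition from the log before the value reaches `records.config`. The function names and the sample fragment are constructed for illustration, and the check assumes Python's `ssl` module is linked against the same OpenSSL that `traffic_server` uses.

```python
import ssl

KEY = "proxy.config.ssl.client.cipher_suite"

def cipher_suite_from_records(text, key=KEY):
    """Return the STRING value of `key` from records.config text, or None."""
    for line in text.splitlines():
        parts = line.split()
        # Line layout: CONFIG <name> <TYPE> <value>; comment lines start with '#'.
        if len(parts) >= 4 and parts[:3] == ["CONFIG", key, "STRING"]:
            return parts[3]
    return None

def accepted(cipher_string):
    """True if the local OpenSSL selects at least one cipher from the string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)  # wraps SSL_CTX_set_cipher_list
        return True
    except ssl.SSLError:                # raised when no cipher matches
        return False

def check(cipher_string):
    """Classify each plain cipher name in a colon-separated list.

    Meant for lists of plain names such as the workaround's; OpenSSL
    operators like '!aNULL' are not interpreted here.
    """
    known, unknown = [], []
    for name in filter(None, cipher_string.split(":")):
        (known if accepted(name) else unknown).append(name)
    # The whole string loads as long as one name matches; OpenSSL skips the rest.
    return {"loads": accepted(cipher_string), "known": known, "unknown": unknown}

# Constructed sample fragment (not the packaged default from EPEL).
SAMPLE = """\
# constructed records.config fragment
CONFIG proxy.config.ssl.client.cipher_suite STRING ECDHE-RSA-AES256-GCM-SHA384:NOT-A-REAL-CIPHER
"""

if __name__ == "__main__":
    value = cipher_suite_from_records(SAMPLE)
    result = check(value)
    print("loads:", result["loads"])
    print("unknown to this OpenSSL:", result["unknown"])
```

Names reported as unknown are silently skipped by OpenSSL; the startup error in the log appears only when every name in the list is unknown to the linked library.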