You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Bryan Call (JIRA)" <ji...@apache.org> on 2014/05/22 20:17:02 UTC

[jira] [Closed] (TS-2402) SSL v3 is disabled

     [ https://issues.apache.org/jira/browse/TS-2402?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Call closed TS-2402.
--------------------------

    Resolution: Cannot Reproduce

I tested this against 4.0.2 and 5.0.0 (master build) and I can't reproduce it with curl and forcing it to SSL v3.0:

4.0.2 test:
{code}
[bcall@mac-bryan-wire trafficserver]$ curl -v -D - -s -3 -o /dev/null https://my.yahoo.com
* Adding handle: conn: 0x7ff93180a600
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7ff93180a600) send_pipe: 1, recv_pipe: 0
* About to connect() to my.yahoo.com port 443 (#0)
*   Trying 67.195.141.200...
* Connected to my.yahoo.com (67.195.141.200) port 443 (#0)
* SSL 3.0 connection using SSL_NULL_WITH_NULL_NULL
* Server certificate: www.yahoo.com
* Server certificate: VeriSign Class 3 Secure Server CA - G3
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
* Server certificate: Class 3 Public Primary Certification Authority
> GET / HTTP/1.1
> User-Agent: curl/7.30.0
> Host: my.yahoo.com
> Accept: */*
>
< HTTP/1.1 200 OK
{code}

5.0.0 test:
{code}
[bcall@mac-bryan-wire trafficserver]$ curl -k -v -D - -s -3 -o /dev/null https://l10.ycs.sjb.yahoo.com
* Adding handle: conn: 0x7faab2803a00
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x7faab2803a00) send_pipe: 1, recv_pipe: 0
* About to connect() to l10.ycs.sjb.yahoo.com port 443 (#0)
*   Trying 206.190.60.161...
* Connected to l10.ycs.sjb.yahoo.com (206.190.60.161) port 443 (#0)
* SSL 3.0 connection using SSL_NULL_WITH_NULL_NULL
* Server certificate: *.yimg.com
* Server certificate: VeriSign Class 3 Secure Server CA - G3
* Server certificate: VeriSign Class 3 Public Primary Certification Authority - G5
* Server certificate: Class 3 Public Primary Certification Authority
{code}


> SSL v3 is disabled
> ------------------
>
>                 Key: TS-2402
>                 URL: https://issues.apache.org/jira/browse/TS-2402
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Core, SSL
>    Affects Versions: 4.2.0
>            Reporter: Neddy
>            Assignee: Bryan Call
>             Fix For: 5.0.0
>
>
> Host OS: Debian x86_64
> ATS 4.2.0
> Usage: Reverse server SSL terminal
> CONFIG proxy.config.ssl.SSLv2 INT 0
> CONFIG proxy.config.ssl.SSLv3 INT 1
> CONFIG proxy.config.ssl.TLSv1 INT 1
> Error log:
> [Nov 27 16:35:32.759] Server {0x2b1b5d18d700} ERROR: SSL::3:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:337
> [Nov 27 16:35:32.759] Server {0x2b1b5d18d700} ERROR: [SSL_NetVConnection::ssl_read_from_net]



--
This message was sent by Atlassian JIRA
(v6.2#6252)