Posted to users@trafficserver.apache.org by Reindl Harald <h....@thelounge.net> on 2014/01/31 16:43:31 UTC

Re: SSL 2 handshake compatibility No (and no SSL3)

uhm maybe because "CONFIG proxy.config.ssl.SSLv3 INT 1" is ignored

ssllabs says about the ATS machine:
 * TLS 1.2 Yes
 * TLS 1.1 Yes
 * TLS 1.0 Yes
 * SSL 3 No
 * SSL 2 No

but that may be because "SSL 2 handshake compatibility"

to qualify that i am lacking deeper knowledge of SSL internals
i only know best practices, how to verify and configure them
with httpd and in case of ATS i am a bloody TLS/SSL beginner

on the other hand httpd with "SSLProtocol All -SSLv2 -SSLv3"
and "ab" happily benchmarks, so it looks like some interoperability
problem which should not hit modern software but in case of business
users on the client side.........

SSL 2 handshake compatibility Yes
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

Am 31.01.2014 16:14, schrieb Reindl Harald:
> https://www.ssllabs.com/ssltest/
> 
> another issue i think
> SSL 2 handshake compatibility No
> 
> ab -c 5 -n 5 https://www.example.com/ fails with the following messages
> httpd with SSL2 disabled has no problem with the handshake and ssllabs
> says "SSL 2 handshake compatibility Yes"
> 
> i recognized that by luck while i wanted to benchmark ssl-termination
> __________________________________________________________
> 
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> ..done
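
Added example, not part of the original message: a small decoder for the OpenSSL error lines quoted above, useful when triaging this kind of handshake failure. It assumes the OpenSSL 1.0.x error-code layout (8-bit library, 12-bit function, 12-bit reason); the function names decode_error_line and summarize are made up for this illustration.

```python
import re
from collections import Counter

# Assumption: OpenSSL 1.0.x layout, code = lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 20
# In the SSL library, reason codes >= 1000 mean "the peer sent TLS alert (reason - 1000)".
SSL_AD_REASON_OFFSET = 1000
TLS_ALERTS = {10: "unexpected_message", 40: "handshake_failure",
              47: "illegal_parameter", 70: "protocol_version",
              71: "insufficient_security", 80: "internal_error"}  # RFC 5246 subset

LINE_RE = re.compile(
    r"^(?:>\s*)?\d+:error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):"
    r"(?P<func>[^:]*):(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):")

def decode_error_line(text):
    """Return the unpacked fields of one OpenSSL error line, or None if it is not one."""
    m = LINE_RE.match(text.strip())
    if m is None:
        return None
    code = int(m.group("code"), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET  # alert number received from the peer
    return {"lib": lib, "func": func, "reason": reason, "alert": alert,
            "alert_name": TLS_ALERTS.get(alert),
            "where": "%s:%s" % (m.group("file"), m.group("line")),
            "func_name": m.group("func")}

def summarize(lines):
    """Count failures per (function, cause), skipping lines that are not error lines."""
    counts = Counter()
    for e in filter(None, map(decode_error_line, lines)):
        if e["alert"] is None:
            cause = "local reason %d" % e["reason"]
        else:
            cause = e["alert_name"] or "alert %d" % e["alert"]
        counts[(e["func_name"], cause)] += 1
    return counts

# Sample input: two lines taken from the ab output quoted in the message above.
SAMPLE = [
    "> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:"
    "sslv3 alert handshake failure:s23_clnt.c:741:",
    "> SSL handshake failed (1).",
]

if __name__ == "__main__":
    for (func, cause), n in summarize(SAMPLE).items():
        print("%s: %s x%d" % (func, cause, n))
```

Code 14077410 unpacks to library 20 (SSL), function 119 and reason 1040, that is, fatal alert 40 (handshake_failure) received from the server while the client was waiting for the ServerHello. The words "sslv3 alert" in the message are OpenSSL's name for the alert family and appear for TLS connections as well.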