You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@trafficserver.apache.org by Reindl Harald <h....@thelounge.net> on 2014/01/31 16:14:16 UTC
SSL 2 handshake compatibility No
https://www.ssllabs.com/ssltest/
another issue i think
SSL 2 handshake compatibility No
ab -c 5 -n 5 https://www.example.com/ fails with the following messages
httpd with SSL2 disabled has no problem with the handshake and ssllab
says "SSL 2 handshake compatibility Yes"
i recognized that by luck while i wanted to benchmark ssl-termination
__________________________________________________________
140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
SSL handshake failed (1).
140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
SSL handshake failed (1).
140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
SSL handshake failed (1).
140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
SSL handshake failed (1).
140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
..done
Re: SSL 2 handshake compatibility No (and no SSL3)
Posted by Reindl Harald <h....@thelounge.net>.
uhm maybe because "CONFIG proxy.config.ssl.SSLv3 INT 1" is ignored
ssllabs says about the ATS machine:
* TLS 1.2 Yes
* TLS 1.1 Yes
* TLS 1.0 Yes
* SSL 3 No
* SSL 2 No
but that maybe because "SSL 2 handshake compatibility"
to qualify that i am lacking deeper knowledge of SSL internals
i only know best practices, how to verify and configure them
with httpd and in case of ATS i am a bloody TSL/SSL beginner
on the other hand httpd with "SSLProtocol All -SSLv2 -SSLv3"
and "ab" happily benchmarks, so it looks like some interoperability
problem which should not hit modern software but in case of business
users on the client side.........
SSL 2 handshake compatibility Yes
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
Am 31.01.2014 16:14, schrieb Reindl Harald:
> https://www.ssllabs.com/ssltest/
>
> another issue i think
> SSL 2 handshake compatibility No
>
> ab -c 5 -n 5 https://www.example.com/ fails with the following messages
> httpd with SSL2 disabled has no problem with the handshake and ssllab
> says "SSL 2 handshake compatibility Yes"
>
> i recognized that by luck while i wanted to benchmark ssl-termination
> __________________________________________________________
>
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> SSL handshake failed (1).
> 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:741:
> ..done