trafficserver-users mailing list archives

From "Walsh, Peter" <Peter.Wa...@disney.com>
Subject RE: SSL Error on RHEL 5, wrong cipher returned
Date Mon, 13 Aug 2012 15:41:33 GMT
In case anyone else experiences this on RHEL 5, we updated our OpenSSL library to the latest
and so far haven't seen this issue again.

Pete Walsh
Software Engineer
206-664-4150

From: users-return-1966-Peter.Walsh=disney.com@trafficserver.apache.org [mailto:users-return-1966-Peter.Walsh=disney.com@trafficserver.apache.org]
On Behalf Of Walsh, Peter
Sent: Tuesday, August 07, 2012 1:35 PM
To: users@trafficserver.apache.org
Subject: SSL Error on RHEL 5, wrong cipher returned

Hello all,
We recently experienced an issue in which our ATS instances got into a bad state and requests
to origin servers over https began failing. The traffic.out log file has many SSL Errors
regarding a wrong cipher returned (see below). Restarting traffic server resolved this issue.
We have only seen this a few times and are unable to reproduce it ourselves.

Has anyone experienced this?

In doing some research I uncovered several mentions of thread safety issues with OpenSSL
that could lead to this type of error. However, we've been unable to pinpoint an OpenSSL
patch that gives us a high degree of confidence that upgrading our OpenSSL fixes this, and
since it doesn't happen often and we can't reproduce it, there isn't a way to verify the bug
is gone.

traffic.out Log Snippet:
[Aug  6 14:38:02.261] Server {1103939904} ERROR: SSL::9:error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned:s3_clnt.c:744:
[Aug  6 14:38:02.263] Server {1103939904} ERROR: SSL ERROR: sslClientHandShakeEvent.

Error.log snippet (with our IPs, host and paths removed):
20120806.13h07m22s CONNECT:[1] could not connect [CONNECTION_ERROR] to <insert IP here> for 'https://<insert host and path>'
20120806.13h07m22s CONNECT:[2] could not connect [CONNECTION_ERROR] to <insert IP here> for 'https://<insert host and path>'
20120806.13h07m22s RESPONSE: sent 0.0.0.0 status 502 (Connect Error <Success/0>) for 'https://<insert host and path>'
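
An added example, not part of the thread and not ATS or OpenSSL code: because the state described above could not be reproduced on demand, one way to catch a recurrence is to watch traffic.out for bursts of the same OpenSSL error. It parses lines in the format quoted above and unpacks the error code using the pre-3.0 OpenSSL layout; the sample lines, field names, threshold, and the reading of `{N}` as the thread id are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the traffic.out format quoted above (wrapped line rejoined).
SAMPLE = """\
[Aug  6 14:38:02.261] Server {1103939904} ERROR: SSL::9:error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned:s3_clnt.c:744:
[Aug  6 14:38:02.263] Server {1103939904} ERROR: SSL ERROR: sslClientHandShakeEvent.
[Aug  6 14:38:03.010] Server {1103939904} ERROR: SSL::9:error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong cipher returned:s3_clnt.c:744:
[Aug  6 14:38:03.500] Server {1104992576} NOTE: unrelated line
"""

# Group names are this example's own; {N} is assumed to be the ATS thread id.
ERR = re.compile(
    r"^\[(?P<minute>\w{3}\s+\d+ \d\d:\d\d):\d\d\.\d+\] Server \{(?P<thread>\d+)\} ERROR: "
    r"SSL::\d+:error:(?P<code>[0-9A-Fa-f]{8}):[^:]*:(?P<func>[^:]*):(?P<reason>[^:]*):"
)

def decode(code_hex):
    """Unpack a pre-3.0 OpenSSL error code into (library, function, reason) numbers."""
    e = int(code_hex, 16)
    return (e >> 24) & 0xFF, (e >> 12) & 0xFFF, e & 0xFFF

def parse(text):
    """Return one dict per OpenSSL error line; all other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = ERR.match(line)
        if m:
            ev = m.groupdict()
            ev["lib"], ev["func_no"], ev["reason_no"] = decode(ev["code"])
            events.append(ev)
    return events

def bursts(events, threshold=2):
    """Minutes in which one reason string was logged at least `threshold` times."""
    counts = Counter((ev["minute"], ev["reason"]) for ev in events)
    return {key: n for key, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for (minute, reason), n in bursts(parse(SAMPLE)).items():
        print(f"{minute}  {reason!r} x{n}")
```

Grouping by `thread` instead of `minute` shows whether the failures are confined to particular threads, which is relevant to the thread-safety hypothesis raised in the message.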


