trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Walsh, Peter" <Peter.Wa...@disney.com>
Subject SSL Error on RHEL 5, wrong cipher returned
Date Tue, 07 Aug 2012 20:34:50 GMT
Hello all,
We recently experienced an issue in which our ATS instances got into a bad state and requests
to origin servers over https began failing.   The traffic.out log file has many SSL Errors
regarding a wrong cipher returned (see below).  Restarting traffic server resolved this issue.
 We have only seen this a few times and are unable to reproduce it ourselves.

Has anyone experienced this?

In doing some research I uncovered several mentions of thread safety issues with open SSL
that that could lead to this type of error.  However, we've been unable to pin point an open
SSL patch that gives us high degree of confidence that upgrading our open SSL fixes this and
since it doesn't happen often and we can't reproduce it, there isn't a way to verify the bug
is gone.

traffic.out Log Snippet:
[Aug  6 14:38:02.261] Server {1103939904} ERROR: SSL::9:error:14092105:SSL routines:SSL3_GET_SERVER_HELLO:wrong
cipher returned:s3_clnt.c:744:
[Aug  6 14:38:02.263] Server {1103939904} ERROR: SSL ERROR: sslClientHandShakeEvent.

Error.log snippet (with our IP's, host and paths removed):
20120806.13h07m22s CONNECT:[1] could not connect [CONNECTION_ERROR] to <insert IP here>
for 'https://<<https://<host>insert host and path>'
20120806.13h07m22s CONNECT:[2] could not connect [CONNECTION_ERROR] to <insert IP here>
for 'https://<<https://<host>insert host and path>'
20120806.13h07m22s RESPONSE: sent 0.0.0.0 status 502 (Connect Error <Success/0>) for
'https://<<https://<host>insert host and path>'



Mime
View raw message