trafficserver-users mailing list archives

From Clark Elliott Haskins III <cl...@abqwebdev.com>
Subject problems with SSL on ATS 4.1.2
Date Mon, 17 Mar 2014 00:48:30 GMT
I recently started using ATS and I am now trying to configure SSL. I have
tried with both self-signed certs and one from DigiCert with no luck. I
continue to get (Error code: ssl_error_no_cypher_overlap) from Firefox and
the following message when I run traffic_server -T ssl:

[Mar 16 18:15:11.422] Server {0xb7f99900} DEBUG: (ssl) mapping '
www.DOMAIN.com' to certificate /usr/local/certs/trafficserver/server.crt
[Mar 16 18:15:11.422] Server {0xb7f99900} DEBUG: (ssl) indexed '
www.DOMAIN.com' with SSL_CTX 0x9917a58
[Mar 16 18:15:11.422] Server {0xb7f99900} DEBUG: (ssl) indexed '*' with
SSL_CTX 0x9944228
[Mar 16 18:15:14.177] Server {0xb5906b90} DEBUG: (ssl)
[SSLNextProtocolAccept:mainEvent] event 202 netvc 0xb2211780
[Mar 16 18:15:14.178] Server {0xb5906b90} DEBUG: (ssl)
SSL::6:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1008
[Mar 16 18:15:14.178] Server {0xb5906b90} DEBUG: <SSLNetVConnection.cc:500
(sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1),
errno=0
[Mar 16 18:15:14.475] Server {0xb5906b90} DEBUG: (ssl)
SSL::6:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1008
[Mar 16 18:15:14.475] Server {0xb5906b90} DEBUG: <SSLNetVConnection.cc:500
(sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1),
errno=0
[Mar 16 18:15:19.149] Server {0xb5805b90} DEBUG: (ssl)
[SSLNextProtocolAccept:mainEvent] event 202 netvc 0xb2211590
[Mar 16 18:15:19.149] Server {0xb5805b90} DEBUG: (ssl)
SSL::7:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1008
[Mar 16 18:15:19.149] Server {0xb5805b90} DEBUG: <SSLNetVConnection.cc:500
(sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1),
errno=0
[Mar 16 18:15:19.242] Server {0xb5805b90} DEBUG: (ssl)
SSL::7:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:s3_srvr.c:1008
[Mar 16 18:15:19.242] Server {0xb5805b90} DEBUG: <SSLNetVConnection.cc:500
(sslServerHandShakeEvent)> (ssl) SSL handshake error: SSL_ERROR_SSL (1),
errno=0

There are no other errors in any of the ATS log files.

Here are the relevant SSL parts of my records.config:
CONFIG proxy.config.http.server_ports STRING 80 ssl:443
CONFIG proxy.config.ssl.number.threads INT 0
CONFIG proxy.config.ssl.SSLv2 INT 0
CONFIG proxy.config.ssl.SSLv3 INT 1
CONFIG proxy.config.ssl.TLSv1 INT 1
CONFIG proxy.config.ssl.server.cipher_suite STRING RC4-SHA:AES128-SHA:DES-CBC3-SHA:AES256-SHA:ALL:!aNULL:!EXP:!LOW:!MD5:!SSLV2:!NULL
CONFIG proxy.config.ssl.server.honor_cipher_order INT 0
CONFIG proxy.config.ssl.compression INT 0
CONFIG proxy.config.ssl.client.certification_level INT 0
CONFIG proxy.config.ssl.server.cert.path STRING certs/trafficserver
CONFIG proxy.config.ssl.server.private_key.path STRING certs/trafficserver
CONFIG proxy.config.ssl.CA.cert.path STRING certs/trafficserver
CONFIG proxy.config.ssl.client.verify.server INT 0
CONFIG proxy.config.ssl.client.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.cert.path STRING certs/trafficserver
CONFIG proxy.config.ssl.client.private_key.filename STRING NULL
CONFIG proxy.config.ssl.client.private_key.path STRING certs/trafficserver
CONFIG proxy.config.ssl.client.CA.cert.filename STRING NULL
CONFIG proxy.config.ssl.client.CA.cert.path STRING certs/trafficserver

I have several different domains hosted in this ATS instance, which I don't
believe should be the problem? Here are the relevant pieces of my
remap.config:

map https://www.DOMAIN.com/ http://real.DOMAIN.com/
reverse_map http://real.DOMAIN.com/ https://www.DOMAIN.com/

Here is my ssl_multicert.config:
ssl_cert_name=server.crt ssl_key_name=server.key ssl_ca_name=ca.crt

Thanks!
-Clark
