trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: Deprecation of SSL v2/3
Date Sat, 16 Apr 2016 22:44:28 GMT


Am 17.04.2016 um 00:38 schrieb Leif Hedstrom:
>> so what gives you ab -c 5 -n 100https://www.thelounge.net/on your client?
>
> It fails too from that CentOS7 box to your box.
>
>>
>> [harry@srv-rhsoft:~]$ ab -c 5 -n 100https://docs.trafficserver.apache.org/
>> This is ApacheBench, Version 2.3 <$Revision: 1706008 $>
>> Copyright 1996 Adam Twiss, Zeus Technology Ltd,http://www.zeustech.net/
>> Licensed to The Apache Software Foundation,http://www.apache.org/
>>
>> Benchmarkingdocs.trafficserver.apache.org
>> <http://docs.trafficserver.apache.org/>(be patient)...^C
>>
>> Server Software:        ATS/6.2.0
>> Server Hostname: docs.trafficserver.apache.org
>> <http://docs.trafficserver.apache.org/>
>> Server Port:            443
>> SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,2048,128
>
> So it seems your ab works against this CentOS7 box running ATS v6.2.0 ?

yes

> What version of OpenSSL did you build ATS with? I am running
> docs.trafficserver.a.o with OpenSSL v1.0.2g if I recall (latest stable
> release)

seems not matter that much since i have this issue for years now and the 
httpd servers are built in the same environments with the same libraries 
and don't have that issue

there where a lot of ATS and openssl versions over the time - looking at 
the output of ssllabs the ATS box donÄt support some SSL3 *compatibke* 
handshake for whatever reasons

[root@buildserver:~]$ rpm -qa | grep openssl
openssl-devel-1.0.2g-2.fc23.20160319.rh.x86_64
openssl-libs-1.0.2g-2.fc23.20160319.rh.x86_64
openssl-1.0.2g-2.fc23.20160319.rh.x86_64
openssl-perl-1.0.2g-2.fc23.20160319.rh.x86_64

[root@buildserver:~]$ rpm -q trafficserver
trafficserver-6.1.1-2.fc23.20160320.rh.x86_64

[root@buildserver:~]$ cat /rpmbuild/SPECS/trafficserver.spec
%global            debug_package    %{nil}

Summary:           Apache Trafficserver
Name:              trafficserver
Version:           6.1.1
Release:           2%{?dist}
Epoch:             2
License:           ASL 2.0
Group:             System Environment/Daemons
Source0: 
http://www.apache.org/dist/%{name}/%{name}-%{version}.tar.bz2
Source1:           %{name}.service
Source2:           %{name}.tmpfilesd
URL:               http://trafficserver.apache.org/index.html
BuildRequires:     autoconf
BuildRequires:     automake
BuildRequires:     expat-devel
BuildRequires:     gcc-c++
BuildRequires:     hwloc-devel
BuildRequires:     libaio-devel
BuildRequires:     libtool
BuildRequires:     openssl-devel
BuildRequires:     pcre-devel
BuildRequires:     tcl-devel
BuildRequires:     xz-devel
BuildRequires:     zlib-devel
BuildRequires:     ncurses-devel
BuildRequires:     libcurl-devel
Requires:          systemd

%description
Apache Traffic Server is a fast, scalable and extensible HTTP/1.1 
compliant caching proxy server 

 
 

%package           devel 
 

Summary:           Apache Traffic Server development libraries and 
header files 

Group:             Development/Libraries 
 

Requires:          %{name} = %{version}-%{release} 
 

%description       devel 
 

 
 

%package           manpages 
 

Summary:           Trafficserver manuals 
 

Group:             Applications/System 
 

%description       manpages 
 


%package           plugins
Summary:           Trafficserver plugins
Group:             Applications/System
%description       plugins

%prep
%setup -q

%build
export CFLAGS="%{optflags} -O3 -fPIC -Wno-deprecated-declarations 
-Wno-error=unused-result -funroll-loops -funswitch-loops 
-minline-all-stringops -flto -ffat-lto-objects -fuse-ld=gold 
-fuse-linker-plugin"
export CXXFLAGS="$CFLAGS"
export LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack,-fuse-ld=gold 
-pie %{optflags} -O3 -funroll-loops -funswitch-loops 
-minline-all-stringops -flto -ffat-lto-objects -fuse-ld=gold 
-fuse-linker-plugin"
export SH_LDFLAGS="-Wl,-z,now -Wl,-z,relro,-z,noexecstack,-fuse-ld=gold 
%{optflags} -O3 -funroll-loops -funswitch-loops -minline-all-stringops 
-flto -ffat-lto-objects -fuse-ld=gold -fuse-linker-plugin"
./configure --enable-layout=Gentoo \
  --libdir=%{_libdir}/%{name} \
  --with-group=ats \
  --with-user=ats \
  --disable-debug \
  --disable-diags \
  --disable-spdy \
  --disable-static \
  --disable-tests \
  --enable-hwloc \
  --enable-shared  \
  --with-jemalloc \
  --with-pic \
  --with-tcl=%{_libdir} \
  --with-xml=expat
%{__make} %{?_smp_mflags}

%install
make install-strip DESTDIR=%{buildroot}
mkdir -p %{buildroot}/run/%{name}
install -D -m 0644 -p %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service
install -D -m 0644 -p %{SOURCE2} %{buildroot}%{_tmpfilesdir}/%{name}.conf
rm -rf %{buildroot}%{_docdir}/%{name} \
  %{buildroot}%{_libdir}/perl5/ \
  %{buildroot}%{_libdir}/%{name}/*.a \
  %{buildroot}%{_libdir}/%{name}/*.la \
  %{buildroot}%{_libdir}/%{name}/plugins/*.la \
  %{buildroot}%{_datarootdir}/perl5/Apache/TS.pm \
  %{buildroot}%{_datarootdir}/perl5/Apache/TS.pm.in \
  %{buildroot}%{_datarootdir}/perl5/Apache/TS/AdminClient.pm \
  %{buildroot}%{_datarootdir}/perl5/Apache/TS/Config.pm \
  %{buildroot}%{_datarootdir}/perl5/Apache/TS/Config/Records.pm \
  %{buildroot}%{_bindir}/tspush \
  %{buildroot}%{_bindir}/traffic_shell \
  %{buildroot}%{_bindir}/traffic_sac \
  %{buildroot}%{_bindir}/trafficserver \
  %{buildroot}%{_bindir}/tstop \
  %{buildroot}%{_bindir}/header_rewrite_test
strip -s %{buildroot}%{_bindir}/traffic_cop \
  %{buildroot}%{_bindir}/traffic_line \
  %{buildroot}%{_bindir}/traffic_logcat \
  %{buildroot}%{_bindir}/traffic_logstats \
  %{buildroot}%{_bindir}/traffic_server \
  %{buildroot}%{_libdir}/%{name}/*.so* \
  %{buildroot}%{_libdir}/%{name}/plugins/*.so
mkdir -p %{buildroot}%{_sysconfdir}/ld.so.conf.d \
  %{buildroot}%{_sysconfdir}/%{name}/internal \
  %{buildroot}%{_sysconfdir}/%{name}/snapshots \
  %{buildroot}%{_sysconfdir}/%{name}/ssl \
  %{buildroot}%{_docdir}/%{name}/etc/body_factory/default
chmod 0770 %{buildroot}%{_sysconfdir}/%{name}/internal
chmod 0770 %{buildroot}%{_sysconfdir}/%{name}/snapshots
chmod 0750 %{buildroot}%{_sysconfdir}/%{name}/ssl
chmod 0750 %{buildroot}%{_sysconfdir}/%{name}/body_factory
echo "%{_libdir}/%{name}" > 
%{buildroot}%{_sysconfdir}/ld.so.conf.d/%{name}-%{_arch}.conf
mv %{buildroot}%{_sysconfdir}/%{name}/body_factory/default/* 
%{buildroot}%{_docdir}/%{name}/etc/body_factory/default/
mv %{buildroot}%{_sysconfdir}/%{name}/*.config 
%{buildroot}%{_docdir}/%{name}/etc/

%post
%{_sbindir}/ldconfig
%{_bindir}/systemctl --system daemon-reload &> /dev/null
chown root:ats %{_sysconfdir}/%{name}/body_factory &> /dev/null
chown root:ats %{_sysconfdir}/%{name}/ssl &> /dev/null
chown ats:ats %{_sysconfdir}/%{name}/internal &> /dev/null
chown ats:ats %{_sysconfdir}/%{name}/snapshots &> /dev/null
exit 0

%pre
getent group ats &> /dev/null || groupadd -r ats -g 176 &> /dev/null
getent passwd ats &> /dev/null || useradd -r -u 176 -g ats -d / -s 
%{_sbindir}/nologin -c "Apache Traffic Server" ats &> /dev/null
exit 0

%files
%dir %{_libdir}/%{name}
%dir %{_sysconfdir}/%{name}
%config(noreplace) %{_sysconfdir}/%{name}/*
%{_bindir}/traffic*
%{_libdir}/%{name}/*.so.*
%{_unitdir}/%{name}.service
%{_tmpfilesdir}/%{name}.conf
%attr(0770, ats, ats) %dir %{_var}/log/%{name}
%attr(0770, ats, ats) %dir /run/%{name}
%attr(0770, ats, ats) %dir %{_var}/cache/%{name}
%attr(0644, root, root) %{_sysconfdir}/ld.so.conf.d/*

%files devel
%{_bindir}/tsxs
%dir %{_includedir}/trafficserver
%{_includedir}/trafficserver/*
%{_libdir}/%{name}/*.so
%{_libdir}/%{name}/pkgconfig/*.pc

%files manpages
%{_mandir}/man3/*
%{_docdir}/%{name}/*

%files plugins
%dir %{_libdir}/%{name}/plugins
%{_libdir}/%{name}/plugins/*.so

%changelog
* Sun Mar 20 2016 Reindl Harald <h.reindl@thelounge.net>
- update to 6.1.1


Mime
View raw message