trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Reindl Harald <h.rei...@thelounge.net>
Subject Re: Deprecation of SSL v2/3
Date Mon, 25 Apr 2016 23:03:02 GMT


Am 26.04.2016 um 00:23 schrieb Phil Sorber:
> On Mon, Apr 25, 2016 at 11:01 AM Reindl Harald <h.reindl@thelounge.net
>     as strict as the ATS configuration (see below) and so no reason for the
>     current "ab" behavior
>
>     you can verify with https://www.ssllabs.com/ssltest/ the following two
>     subdomains:
>
>     * secure.thelounge.net <http://secure.thelounge.net> (httpd)
>     * www.thelounge.net <http://www.thelounge.net> (trafficserver)
>     _____________________________________
>
>     httpd:
>
>     SSLSessionCacheTimeout 900
>     SSLStaplingStandardCacheTimeout 86400
>     SSLStaplingErrorCacheTimeout 300
>     SSLStaplingReturnResponderErrors Off
>     SSLStaplingFakeTryLater Off
>     SSLProtocol All -SSLv2 -SSLv3
>     SSLFIPS Off
>     SSLCompression Off
>     SSLInsecureRenegotiation Off
>     SSLSessionTickets Off
>     SSLVerifyClient none
>     SSLHonorCipherOrder On
>     SSLCipherSuite
>     ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA128-SHA:DHE-RSA-CAMELLIA256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA128-SHA:CAMELLIA256-SHA:ECDHE-RSA-DES-CBC3-SHA:DES-CBC3-SHA:!LOW:!MEDIUM
>     _____________________________________
>
>
> ap_log_error(APLOG_MARK, APLOG_TRACE3, 0, s,
>                  "Creating new SSL context (protocols: %s)", cp);
>
> Can you turn on TRACE3 level logging in HTTPD and see if you can find
> the output of that? Trying to trace through the code path in HTTPD to
> see what they might be doing different than us

sorry - can you elaborate - i am just a sysadmin / web-developer with 
apckaging knowledge - that sort of debugging sounds like above my scope 
without exact instructions


Mime
View raw message