trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeremy Payne <jp557...@gmail.com>
Subject Failed NPN Negotiation
Date Wed, 03 May 2017 19:23:40 GMT
ERROR: failed to find registered SSL endpoint for ''

ATS 6.1.1
Built against RHEL-openssl 1.0.1e-fips


Has anyone identified any legacy/broken clients out in the wild that may be
responsible for causing these errors ?
I cant seem to generate the same error using openssl:

openssl s_client  -connect ip:port  -nextprotoneg ''

If I pass an empty list, ATS just returns a list of supported protocols and
closes the TLS connection. Which is per spec(if i read correctly).

The request must be flawed some other way for ATS to generate this error.
I can't run debug or packet capture on these machines since they are in
production
The error seems somewhat innocent.. I am guessing what I may find is that
these
errors are caused by some broken/incomplete client/TLS implementation.  I
am leaning towards
this being something amiss with early implementations of boringssl.

However, while I am testing some older clients I am putting this out to the
community.
Maybe someone here has already identified some broken clients or identified
a general area
causing these errors to generate.

Thanks!

Mime
View raw message