trafficserver-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Call <bc...@apache.org>
Subject Re: Failed NPN Negotiation
Date Wed, 03 May 2017 20:08:43 GMT
I looked through our produciton logs on all our servers (a lot of servers) and I am seeing
this too once in awhile.  It shouldn’t print the log unless len > 0, but from the logs
it looks like the length is 0.

It might be helpful to also print len to see what the value is.  Can you please file an issue
on this?

Link to issues:
https://github.com/apache/trafficserver/issues <https://github.com/apache/trafficserver/issues>

Thank you,

-Bryan

> On May 3, 2017, at 12:23 PM, Jeremy Payne <jp557198@gmail.com> wrote:
> 
> ERROR: failed to find registered SSL endpoint for ''
> 
> ATS 6.1.1
> Built against RHEL-openssl 1.0.1e-fips
> 
> 
> Has anyone identified any legacy/broken clients out in the wild that may be responsible
for causing these errors ?
> I cant seem to generate the same error using openssl:
> 
> openssl s_client  -connect ip:port  -nextprotoneg ''
> 
> If I pass an empty list, ATS just returns a list of supported protocols and closes the
TLS connection. Which is per spec(if i read correctly). 
> 
> The request must be flawed some other way for ATS to generate this error. 
> I can't run debug or packet capture on these machines since they are in production
> The error seems somewhat innocent.. I am guessing what I may find is that these
> errors are caused by some broken/incomplete client/TLS implementation.  I am leaning
towards
> this being something amiss with early implementations of boringssl. 
> 
> However, while I am testing some older clients I am putting this out to the community.
> Maybe someone here has already identified some broken clients or identified a general
area
> causing these errors to generate.
> 
> Thanks!
> 
> 
> 
> 


Mime
View raw message