[jira] Commented: (TS-274) SSL Handshake not work properly

Thu, 25 Mar 2010 10:49:52 -0700 

    [ 
https://issues.apache.org/jira/browse/TS-274?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12849801#action_12849801
 ] 

Leif Hedstrom commented on TS-274:
----------------------------------

Unfortunately, we currently do not support this feature, VJ and I was looking 
at it, and he found the section in the docs that talks about it:

(11:38:52 AM) Vijay: 
http://incubator.apache.org/trafficserver/docs/v2/admin/secure.htm#UsingSSLTermination
(11:38:59 AM) Vijay: The Traffic Server SSL termination option enables you to 
secure connections in reverse proxy mode between a client and a Traffic Server 
and/or Traffic Server and an origin server.


So, for now, we'll only support HTTPS in reverse proxy mode. I'll move this bug 
out into the 2.2.0 timeframe, but not promises that we'll get to it. Volunteers 
looking to add the support for this are much welcome (VJ thinks it'd be pretty 
easy, but nested deeply in the code).

> SSL Handshake not work properly
> -------------------------------
>
>                 Key: TS-274
>                 URL: https://issues.apache.org/jira/browse/TS-274
>             Project: Traffic Server
>          Issue Type: Bug
>    Affects Versions: 2.1.0, 2.0.0a
>         Environment: Debian, Linux 2.6.18 32-bit
>            Reporter: Marcus Clyne
>             Fix For: 2.0.0
>
>
> Using self-signed SSL certificates, which are in the correct paths under 
> $prefix, and giving no startup errors, I get the following error when making 
> a request through the proxy :
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: 
> SSL_ServerHandShake.
> Mar 24 14:35:09 www traffic_server[27926]: {1146895248} ERROR: 
> SSL::5:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy 
> request:s23_srvr.c:384:
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: SSL ERROR: 
> SSL_ServerHandShake.
> Mar 24 14:36:47 www traffic_server[27926]: {1146895248} ERROR: 
> SSL::5:error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http 
> request:s23_srvr.c:379:
> The first of these two was from using Proxifier (Windows software) to connect 
> to the server, the second is from using `curl -k -x $ip:443 
> http://google.com/`.
> The issue appears on the latest trunk version and the 2.0.x branch as of 
> today when used in forward proxy mode.
> I have not personally tested in reverse proxy mode, but zwoop (Freenode IRC 
> name) tested in reverse proxy mode, and reverse proxy mode worked only in the 
> 2.0.x but not trunk.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to