  1. Traffic Server
  2. TS-405

SSL Termination not working


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.1.1
    • Fix Version/s: 2.1.3
    • Component/s: Core
    • Labels: None
    • Environment: Red Hat Enterprise Linux AS release 4 (Nahant Update 6) - x86_64

    Description

      Turned on SSL termination with Apache TS-2.1.1 (proxy.config.ssl.enabled) with other config options left as the default settings. The package is shipped with a certificate (server.pm) which is used for the SSL session. With this default setting, the SSL termination does not seem to work. See the error below:

      [anirbanr@llf531136 trafficserver]$ https_proxy=localhost:443 wget -d --no-check-certificate https://login/yahoo.com
      Setting --check-certificate (checkcertificate) to 0
      DEBUG output created by Wget 1.10.2 (Red Hat modified) on linux-gnu.

      -11:24:41- https://login/yahoo.com
      => `yahoo.com'
      Resolving localhost... 127.0.0.1
      Caching localhost => 127.0.0.1
      Connecting to localhost|127.0.0.1|:443... connected.
      Created socket 3.
      Releasing 0x0000000000552380 (new refcount 1).

      --request begin--
      CONNECT login:443 HTTP/1.0
      User-Agent: Wget/1.10.2 (Red Hat modified)

      --request end--
      Failed reading proxy response: Connection reset by peer
      Closed fd 3
      Retrying.

      ==========================================================================================
      syslog output
      ==========================================================================================

      [anirbanr@llf531136 ats-test]$ tail -f /var/log/messages | grep traffic
      Jul 27 11:02:22 llf531136 traffic_manager[20264]: {182924636832} ERROR: (last system error 9: Bad file descriptor)
      Jul 27 11:24:18 llf531136 traffic_cop[25036]: — Cop Starting Version: Apache Traffic Server - traffic_cop - 2.1.1-unstable - (build # 62010 on Jul 20 2010 at 10:17:13)
      Jul 27 11:24:18 llf531136 traffic_cop[25036]: traffic_manager not running, making sure traffic_server is dead
      Jul 27 11:24:18 llf531136 traffic_cop[25036]: spawning traffic_manager
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: NOTE: — Manager Starting —
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: NOTE: Manager Version: Apache Traffic Server - traffic_manager - 2.1.1-unstable - (build # 62010 on Jul 20 2010 at 10:17:39)
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: updated diags config
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [Rollback::openFile] Open of cache.config failed: Permission denied
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [Rollback::Rollback] Config file is read-only : cache.config
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [ClusterCom::ClusterCom] Node running on OS: 'Linux' Release: '2.6.9-67.0.22.ELsmp'
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::listenForProxy] Listening on port: 8085
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::listenForProxy] Listening on port: 443
      Jul 27 11:24:18 llf531136 traffic_manager[25037]: {182924636832} NOTE: [TrafficManager] Setup complete
      Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::startProxy] Launching ts process
      Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE: [LocalManager::pollMgmtProcessServer] New process connecting fd '10'
      Jul 27 11:24:19 llf531136 traffic_manager[25037]: {182924636832} NOTE: [Alarms::signalAlarm] Server Process born
      Jul 27 11:24:20 llf531136 traffic_server[25049]: NOTE: — Server Starting —
      Jul 27 11:24:20 llf531136 traffic_server[25049]: NOTE: Server Version: Apache Traffic Server - traffic_server - 2.1.1-unstable - (build # 62010 on Jul 20 2010 at 10:17:53)
      Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: updated diags config
      Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: cache clustering disabled
      Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: cache clustering disabled
      Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: logging initialized[7], logging_mode = 3
      Jul 27 11:24:20 llf531136 traffic_server[25049]: {182924636544} NOTE: traffic server running
      Jul 27 11:24:32 llf531136 traffic_server[25049]: {1095842144} NOTE: cache enabled
      Jul 27 11:24:41 llf531136 traffic_server[25049]: {1140050272} ERROR: SSL ERROR: SSL_ServerHandShake.
      Jul 27 11:24:41 llf531136 traffic_server[25049]: {1140050272} ERROR: SSL::39:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
      Jul 27 11:24:42 llf531136 traffic_server[25049]: {1137944928} ERROR: SSL ERROR: SSL_ServerHandShake.
      Jul 27 11:24:42 llf531136 traffic_server[25049]: {1137944928} ERROR: SSL::37:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
      Jul 27 11:24:44 llf531136 traffic_server[25049]: {1142155616} ERROR: SSL ERROR: SSL_ServerHandShake.
      Jul 27 11:24:44 llf531136 traffic_server[25049]: {1142155616} ERROR: SSL::41:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:

      ==========================================================================================
      traffic.out output
      ==========================================================================================

      [E. Mgmt] log ==> [TrafficManager] using root directory '/export/crawlspace/packages/ats-2.1.1'
      [Jul 27 11:24:18.353] {182924636832} STATUS: opened /export/crawlspace/packages/ats-2.1.1/var/log/trafficserver/manager.log
      [TrafficServer] using root directory '/export/crawlspace/packages/ats-2.1.1'
      [Jul 27 11:24:20.506] {182924636544} STATUS: opened /export/crawlspace/packages/ats-2.1.1/var/log/trafficserver/diags.log
      [Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL ERROR: SSL_ServerHandShake.
      [Jul 27 11:24:41.676] Server {1140050272} ERROR: SSL::39:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
      [Jul 27 11:24:42.679] Server {1137944928} ERROR: SSL ERROR: SSL_ServerHandShake.
      [Jul 27 11:24:42.679] Server {1137944928} ERROR: SSL::37:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
      [Jul 27 11:24:44.681] Server {1142155616} ERROR: SSL ERROR: SSL_ServerHandShake.
      [Jul 27 11:24:44.681] Server {1142155616} ERROR: SSL::41:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:https proxy request:s23_srvr.c:402:
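
Added example (not part of the original report and not Traffic Server code): a small triage script that pulls the OpenSSL error strings out of log lines like the ones above, decodes the packed code 1407609B into its library, function and reason numbers, and counts failures per reason. The bit layout assumed is the pre-3.0 OpenSSL one (8-bit library, 12-bit function, 12-bit reason); the function names are illustrative, and the sample lines are copied from the syslog excerpt in this report.

```python
import re
from collections import Counter

# OpenSSL error-queue text as it appears inside the traffic_server lines:
#   error:<hex code>:<library>:<function>:<reason>:<file>:<line>:
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)

def decode_code(hex_code):
    """Split a pre-3.0 OpenSSL packed error code into (lib, func, reason)."""
    value = int(hex_code, 16)
    return (value >> 24) & 0xFF, (value >> 12) & 0xFFF, value & 0xFFF

def parse_line(line):
    """Return a dict for a line carrying an OpenSSL error string, else None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    lib, func, reason = decode_code(m.group("code"))
    return {
        "lib": lib, "func": func, "reason": reason,
        "function_name": m.group("func"),
        "reason_text": m.group("reason"),
        "source": "%s:%s" % (m.group("file"), m.group("line")),
    }

def summarise(lines):
    """Count handshake errors per (function name, reason text)."""
    hits = (parse_line(entry) for entry in lines)
    return Counter((h["function_name"], h["reason_text"]) for h in hits if h)

# Lines copied from the syslog excerpt in this report.
PREFIX = "Jul 27 11:24:4%d llf531136 traffic_server[25049]: {%d} ERROR: "
OPENSSL_ERR = ("SSL::%d:error:1407609B:SSL routines:SSL23_GET_CLIENT_HELLO:"
               "https proxy request:s23_srvr.c:402:")
SAMPLE = [
    PREFIX % (1, 1140050272) + "SSL ERROR: SSL_ServerHandShake.",
    PREFIX % (1, 1140050272) + OPENSSL_ERR % 39,
    PREFIX % (2, 1137944928) + OPENSSL_ERR % 37,
    PREFIX % (4, 1142155616) + OPENSSL_ERR % 41,
]

if __name__ == "__main__":
    for (func_name, reason_text), count in summarise(SAMPLE).items():
        print("%d x %s: %s" % (count, func_name, reason_text))
```

Reason 155 ("https proxy request") is what OpenSSL's SSL23_GET_CLIENT_HELLO reports when the first bytes received on a TLS listener are a plaintext CONNECT request rather than a ClientHello, which matches the CONNECT line in the wget debug output.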


          People

            Assignee: zwoop Leif Hedstrom
            Reporter: r_anirban Anirban Roy