Re: [Pound Mailing List] SSL Read Error

Tue, 23 Jul 2013 05:42:07 -0700 

Hello - sorry for the delay - was away for a long weekend..


root@sound:/etc/pound# cat fr.pem  | grep "\--"

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

AS this is an EV certificate, that is what I would expect.



The output of an ab -v 2 gives rise to an "interesting" message...


   Compression: 1 (zlib compression)
    Start Time: 1374581735
    Timeout   : 300 (sec)
    Verify return code: 19 (self signed certificate in certificate chain)
SSL read failed - closing connection
Benchmarking 192.168.156.138 (be patient)...INFO: POST header ==




Buuuuut...
It's not a self-signed... 
Unless you count the fact that one of the certs in the Chain - is signed by the 
authority that made the chain.....


I am going to test this using another, non EV certificate - and see what 
happens - and report back.

Cheers for the help so-far.



--
KR




----- Original Message -----
From: "Conor McCarthy" <[email protected]>
To: [email protected]
Sent: Friday, July 19, 2013 10:57:13 AM
Subject: Re: [Pound Mailing List] SSL Read Error

On 18 July 2013 13:25, Kieran Reynolds <[email protected]> wrote:
> Hello..
>
> I have the following configuration:
>
>
> Internet -> Pound -> Varnish -> Apache(Drupal).
>
> My intention is to us Varnish to cache, and loadbalance across a number of 
> webheads for requests that cannot be cached.
>
> The reason for putting Pound on the outside edge, is to be the SSL terminator.
>
> The problem I have run into, using either Pound 2.5.1 or 2.6.2 (From stock 
> Debian repositories) is that whist I can get the configuration to work, and 
> importantly, speed up page access (cached pages) on port 80, and have tested 
> this using apachebench, ab, the configuration of 443/SSL isn't going quite so 
> well.
>
> I have set this up as follows
>
> Pound (listen externalip:443) -> HTTP -> Varnish (127.0.0.1:8880) -> HTTP -> 
> Apache (127.0.0.20:80)
>
> When I run ab against the external interface, with the FQDN of the site, I 
> get SSL Read Error, Connection Closed, but I can't figure out why.
[...]

Have you tried running ab with "-v 2"? That will dump out additional
SSL info, which might help you track it down.

Also, make sure you are running a contemporary version of ab, support
for SSL in old versions was a little suspect.

Regards,
 Conor.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

--
To unsubscribe send an email with subject unsubscribe to [email protected].
Please contact [email protected] for questions.

Reply via email to