Hello!
I just upgraded a few Ubuntu 16.04 servers to 20.04 and Pound went from
v2.7 to v2.8.
Everything seemed to work fine, but after a while I found out that
requests that provided a client cert failed (didn't even end up in the log).
So I downgraded to v2.7 and it works fine again, but I would like to
bump it back to v2.8 again of course, so does anyone have any hints on
what could cause this?
Requests (https) without client-cert work fine, but as soon as a client
cert is provided I get an error like this (curl example):

$ curl https://some.server.com/some/path -E cc.pem
curl: (56) OpenSSL SSL_read: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate, errno 0

wbr / Alex
And the conf looks like this:

ListenHTTPS
    Address ...
    Port 443
    # to allow PUT
    xHTTP 1
    HeadRemove "X-Forwarded-For"
    HeadRemove "X-SSL-Subject"
    HeadRemove "X-SSL-serial"
    Cert "/etc/pound/....AllInOne.pem"
    ClientCert 1 1
    VerifyList "/etc/pound/...crt"
    CAlist "/etc/pound/...crt"
    # Prefer strong ciphers http://blog.loadbalancer.org/the-poodle-sslv3/
    Ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA:HIGH:!MD5:!aNULL:!EDH"
    SSLHonorCipherOrder 1
    Disable TLSv1_1
    Include "/etc/pound/services.cfg"
End

--
Alexander Kolodziej
Pattern Matchician, Tactel AB
Phone: +46761452104
Email: alexander.kolodz...@tactel.se