uhm maybe because "CONFIG proxy.config.ssl.SSLv3 INT 1" is ignored
ssllabs says about the ATS machine: * TLS 1.2 Yes * TLS 1.1 Yes * TLS 1.0 Yes * SSL 3 No * SSL 2 No but that maybe because "SSL 2 handshake compatibility" to qualify that i am lacking deeper knowledge of SSL internals i only know best practices, how to verify and configure them with httpd and in case of ATS i am a bloody TSL/SSL beginner on the other hand httpd with "SSLProtocol All -SSLv2 -SSLv3" and "ab" happily benchmarks, so it looks like some interoperability problem which should not hit modern software but in case of business users on the client side......... SSL 2 handshake compatibility Yes TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No Am 31.01.2014 16:14, schrieb Reindl Harald: > https://www.ssllabs.com/ssltest/ > > another issue i think > SSL 2 handshake compatibility No > > ab -c 5 -n 5 https://www.example.com/ fails with the following messages > httpd with SSL2 disabled has no problem with the handshake and ssllab > says "SSL 2 handshake compatibility Yes" > > i recognized that by luck while i wanted to benchmark ssl-termination > __________________________________________________________ > > 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure:s23_clnt.c:741: > SSL handshake failed (1). > 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure:s23_clnt.c:741: > SSL handshake failed (1). > 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure:s23_clnt.c:741: > SSL handshake failed (1). > 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure:s23_clnt.c:741: > SSL handshake failed (1). > 140636917385200:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 > alert handshake failure:s23_clnt.c:741: > ..done
signature.asc
Description: OpenPGP digital signature
