Am 16.04.2015 um 13:22 schrieb Susan Hinrichs:
Are you seeing actual failed connections? Or is ATS just logging more intermediate error cases than httpd?
it is just impossible to use "ab" against a ATS, see difference below and when you run https://www.ssllabs.com/ssltest/ against both sites you see SSL2/SSL3 disabled on both
that pretty sure affects also other older clients not only "ab" for no good reasons
__________________________________________________________ [harry@rh:~]$ ab -n 1 https://www.thelounge.net/ This is ApacheBench, Version 2.3 <$Revision: 1638069 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking www.thelounge.net (be patient)...SSL handshake failed (1).140536880785376:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770:
..done __________________________________________________________ [harry@rh:~]$ ab -n 1 https://secure.thelounge.net/ This is ApacheBench, Version 2.3 <$Revision: 1638069 $> Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/ Licensed to The Apache Software Foundation, http://www.apache.org/ Benchmarking secure.thelounge.net (be patient).....done Server Software: Server Hostname: secure.thelounge.net Server Port: 443 SSL/TLS Protocol: TLSv1.2,ECDHE-RSA-AES128-GCM-SHA256,4096,128 __________________________________________________________
On 4/16/2015 6:13 AM, Reindl Harald wrote:Am 16.04.2015 um 13:08 schrieb Neddy, NH. Nam:Yeah, it's been long time: https://issues.apache.org/jira/browse/TS-2402"SSL v3 is disabled" is a completly different story than breaking client handshakes, as said *all* our services have SSL3 disabled and you can benchmark a httpd-server without any issues with "ab"On Thu, Apr 16, 2015 at 4:57 PM, Reindl Harald <[email protected]> wrote:why is it still a issue doing a benchmark to a ATS server with "ab -c 100 -n 20000 https://traffic-server-site/"; while the same works just fine when the server is a normal httpd with SSLv3 also disabled? 140343245031392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: SSL handshake failed (1). 140343245031392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: SSL handshake failed (1). 140343245031392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: SSL handshake failed (1). 140343245031392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: SSL handshake failed (1). 140343245031392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770: SSL handshake failed (1). 140343245031392:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:770
signature.asc
Description: OpenPGP digital signature
