Using ssllabs to verify ssl shows error logs on sozu #1149
Comments
Hi! Thanks for your interest in Sozu. The errors generated during the SSL Labs testing seem legitimate. Maybe tagging them "error" is misleading as they are not errors from Sozu, but unexpected behavior from the client. I don't know exactly all the tests conducted by SSL Labs but it wouldn't surprise me if they injected error cases to see how the site handles them.
Hi, in your second message, it seems the SSL handshake works, contrary to your first message, in which you said you had an error.
The general flow should be:
I'm curious if Sozu successfully connects to your backend and if it writes all the bytes to it.
When running the SSL test from ssllabs, I got these error logs. I don't know if it was a problem with my conf or if I have set up the wrong https cert, but I received an A rating from the test, and that means all good. I don't know what these error logs had to do:
ERROR WRK-00 RUSTLS
2024-11-04T06:18:56.608175Z 1730701136608175255 74051 ERROR WRK-01 RUSTLS [01JBTX74Q086X9XF52Q8X9012K - -] Session(sni="a.domain.com", source="source_ip", frontend=10, readiness=I("R-EH")&R("RW--")=M("R---"))
Could not perform handshake: PeerIncompatible(NoKxGroupsInCommon
Could not perform handshake: InappropriateMessage { expect_types: [Handshake], got_type: ChangeCipherSpec
ERROR WRK-01 cannot look up certificate: no SNI from session
Could not perform handshake: PeerIncompatible(NoCipherSuitesInCommon)
Could not perform handshake: General("no server certificate chain resolved")
Could not perform handshake: PeerIncompatible(SignatureAlgorithmsExtensionRequired)
Could not perform handshake: NoApplicationProtocol
I'm using certbot to generate the SSL cert
certbot certonly --standalone -d a.domain.com
And copied all required certs for https.
My sozu https conf:
[[listeners]]
protocol = "http"
address = "0.0.0.0:80"
[[listeners]]
protocol = "https"
address = "0.0.0.0:443"
tls_versions = ["TLS_V12", "TLS_V13"]
cipher_list = [
"TLS13_AES_256_GCM_SHA384",
"TLS13_AES_128_GCM_SHA256",
"TLS13_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
]
[clusters]
[clusters.Server1]
protocol = "http"
https_redirect = true
frontends = [
{ address ="0.0.0.0:80", hostname = "a.domain.com" },
{ address = "0.0.0.0:443", hostname = "a.domain.com", certificate = "/etc/letsencrypt/live/a.domain.com/cert.pem", key = "/etc/letsencrypt/live/a.domain.com/privkey.pem", certificate_chain = "/etc/letsencrypt/live/a.domain.com/chain.pem" },
]
backends = [
{ address = "127.0.0.1:6128" }
]
I'm trying to upload files to my backend server using curl
curl -F "[email protected]" "https://a.domain.com/upload"
but mostly got error logs about "Could not perform handshake" and can't upload the files. When using other reverse proxies like nginx, envoy, haproxy, everything is good and I had no problems. I'm in the process of migrating all my ends to sozu, but this https error kept holding me.
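One way to triage log lines like the ones quoted in this issue, as an added example that is not part of the issue or of Sozu's code: it groups rustls handshake failures by reason and flags the certificate-lookup ones for a closer look. The category names, the review flag, the assumption that a message line belongs to the last worker header seen, and the sample lines are all constructed for illustration.

```python
import re
from collections import Counter

# Reason strings come from the log lines quoted in the issue. Category names
# and the review flag are assumptions of this example, not Sozu's terminology.
RULES = [
    (re.compile(r"PeerIncompatible\((\w+)"), "client-offer", False),
    (re.compile(r"InappropriateMessage"), "client-protocol", False),
    (re.compile(r"NoApplicationProtocol"), "alpn-mismatch", False),
    # Depends on which certificates the listener can resolve: worth a look.
    (re.compile(r"no server certificate chain resolved"), "cert-lookup", True),
    (re.compile(r"cannot look up certificate: no SNI"), "cert-lookup", True),
]
WORKER = re.compile(r"\bERROR\s+(WRK-\d+)\b")

def classify(line):
    """Return (category, detail, review) for a known reason, else None."""
    for pattern, category, review in RULES:
        m = pattern.search(line)
        if m:
            return category, (m.group(1) if m.groups() else m.group(0)), review
    return None

def summarize(lines):
    """Count failures per (category, detail); collect (worker, detail) to review."""
    counts, review, worker = Counter(), [], "?"
    for line in lines:
        w = WORKER.search(line)
        if w:
            worker = w.group(1)  # message lines inherit the last header's worker
        hit = classify(line)
        if hit:
            category, detail, needs_review = hit
            counts[(category, detail)] += 1
            if needs_review:
                review.append((worker, detail))
    return counts, review

# Constructed sample laid out like the excerpt in the issue (made-up prefixes).
SAMPLE = """\
2024-11-04T06:18:56Z 74051 ERROR WRK-01 RUSTLS [SESSION-ID - -] Session(sni="a.domain.com")
Could not perform handshake: PeerIncompatible(NoKxGroupsInCommon)
Could not perform handshake: InappropriateMessage { expect_types: [Handshake] }
ERROR WRK-00 RUSTLS
Could not perform handshake: General("no server certificate chain resolved")
ERROR WRK-01 cannot look up certificate: no SNI from session
Could not perform handshake: NoApplicationProtocol
""".splitlines()

COUNTS, REVIEW = summarize(SAMPLE)
```

Feeding it a real log (`summarize(open(path))`) gives a per-reason count for a scan window, which makes it easier to tell whether the failed upload coincides with one of these reasons or with something else.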