nov 28
Apache/Subversion: SSL negotiation failed: SSL error: parse tlsext
我的 SVN 服务器升级到 FreeBSD 8.0 Release 之后,原先 Apache + SSL + Subversion 的环境,在客户端(包括 Ubuntu 9.10 和 Mac OS X 1.5.8)做任何 SVN 操作的时候,会得到标题给出的提示。
查了下,是因为 TLSv1 协议的问题,不知是 OpenSSL 的 bug 还是 Subversion 的 bug,总之无法正常工作。
修改 Apache 配置文件,屏蔽掉 TLSv1 加密方式:
SSLProtocol -ALL +SSLv3
或
SSLProtocol +ALL -SSLv2 -TLSv1
或
SSLProtocol ALL -TLSv1
反正只要没有 TLSv1 就能正常工作,经测试,暂时还未发现新问题。
oct 21
When Apache web server with SSL is starting up in FreeBSD system, Apache loads succcessfully and web server functioning properly, but the following warning error occurs:
[warn] (2)No such file or directory: Failed to enable the 'dataready' Accept Filter
The resolution to the above problem is to a accf_data module, which function is to prevents the application from receiving the connected descriptor via accept() until data arrives on the connection, into FreeBSD kernel by using kernel linker:
kldload accf_data
To permanently load enable data Accept Filter FreeBSD kernel module (accf_data), add the following line into /boot/loader.conf:
accf_data_load=”YES”
Note: The default settings is located in /boot/defaults/loader.cnf. To see the related settings about accf, use:
grep accf /boot/defaults/loader.conf
which will returns:
accf_data_load=”NO” # Wait for data accept filter
accf_http_load=”NO” # Wait for full HTTP request accept filter
Recent Comments