The EPEL packaging replaces proxy.config.ssl.server.cipher_suite defaults to use system crypto policies (https://docs.fedoraproject.org/en-US/packaging-guidelines/CryptoPolicies/) however this feature was not introduced until RHEL 8. So fllowed official document "Get started -> Configuring A Reverse Proxy" not working. Here is the full log: [Jun 29 15:12:47.648] traffic_server STATUS: opened /var/log/trafficserver/diags.log [Jun 29 15:12:47.648] traffic_server NOTE: updated diags config [Jun 29 15:12:47.695] traffic_server NOTE: storage.config loading ... [Jun 29 15:12:47.697] traffic_server NOTE: storage.config finished loading [Jun 29 15:12:47.730] traffic_server NOTE: ip_allow.yaml loading ... [Jun 29 15:12:47.732] traffic_server NOTE: ip_allow.yaml finished loading [Jun 29 15:12:47.733] traffic_server NOTE: parent.config loading ... [Jun 29 15:12:47.733] traffic_server NOTE: parent.config finished loading [Jun 29 15:12:47.734] traffic_server NOTE: /etc/trafficserver/logging.yaml loading ... [Jun 29 15:12:47.735] traffic_server NOTE: /etc/trafficserver/logging.yaml finished loading [Jun 29 15:12:47.737] traffic_server NOTE: logging initialized[3], logging_mode = 3 [Jun 29 15:12:47.737] traffic_server NOTE: Initialized plugin_dynamic_reload_mode: 1 [Jun 29 15:12:47.737] traffic_server NOTE: plugin.config loading ... [Jun 29 15:12:47.738] traffic_server NOTE: plugin.config finished loading [Jun 29 15:12:47.741] traffic_server ERROR: SSL::139969208883328:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match:ssl_lib.c:1383 [Jun 29 15:12:47.741] traffic_server ERROR: invalid client cipher suite in records.config Here is the build info: (traffic_server -V) Traffic Server 9.1.2 Jun 15 2022 15:39:22 buildvm-x86-03.iad2.fedoraproject.org traffic_server: using root directory '/usr' Apache Traffic Server - traffic_server - 9.1.2 - (build # 061515 on Jun 15 2022 at 15:39:22) This followed github: https://github.com/apache/trafficserver/issues/8929
Thanks for catching this error! This should be fixed in trafficserver-9.1.2-9 which will be in epel-testing soon. (I am not sure why the build hasn't pushed to the update system yet. You can watch for it here: https://bodhi.fedoraproject.org/updates/?search=trafficserver) Once it's pushed you can give it a try with: yum install trafficserver --enablerepo=epel-testing This will push to stable in 7 days (unless it gets karma from testing beforehand).
Ah -- I see that I missed a workflow step. Pushing to testing now.
FEDORA-EPEL-2022-4ad5431d31 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4ad5431d31
FEDORA-EPEL-2022-4ad5431d31 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2022-4ad5431d31 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-EPEL-2022-4ad5431d31 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report.