ERR_SSL_VERSION_OR_CIPHER_MISMATCH

#1
Hello, our technical team tried to fix the error on litespeed web server: ERR_SSL_VERSION_OR_CIPHER_MISMATCH it showes up after we fixed remoteip_module in apache so it can show the real ip adresses because we have AntyDDoS protection similar to cloudflare

Apache is working fine but litespeed no, but after we made some changes in apache this error showes up all the time after switching to litespeed

This is some changes and updates from our AntyDDoS Team:

Your administrators have bound the IP addresses of external services (anti-DDoS protection) in the configuration file. In addition, the "RemoteIPProxyProtocol On" parameter was not added, which we linked in example configurations sent in e-mail correspondence. In addition, we have excluded WAF protected websites from this "RemoteIPProxyProtocolExceptions 193.70.36.214" option so that All services can work properly due to the specifics in your configuration.

Pages switched to LiteSpeed do not use the Apache configuration, and therefore will not work (no "RemoteIPProxyProtocol On" parameter, websites cannot process requests from outside the proxy).

And still today our technical team tried to fix the problem but..

I could see the Litespeed is using the apache configuration config file but it was fetching the file on a wrong path. I have correctly configured the path on LiteSpeed and also Apache Binary Path was also wrongly configured on LiteSpeed and I have also corrected the same, you can verify the same from https://pasteboard.co/IOuxPRX.png
But the sites are still showing some issues.
I haven't fixed the issue until now. I have tried to add virtual host entry for the domain and it doesn't resolve the issue.
----------------------------------------------------------------------------------------------------------------------------------------------------------

Waiting for some reply from LiteSpeed team.
 
Last edited:

mistwang

LiteSpeed Staff
#6
We will certainly add that to our feature requests.
Implement that will take time.
If staying with the current layer4 Anti-DDoS service is the only choice, you cannot use LiteSpeed now.
Sorry about that.
 
#7
We will certainly add that to our feature requests.
Implement that will take time.
If staying with the current layer4 Anti-DDoS service is the only choice, you cannot use LiteSpeed now.
Sorry about that.
Sir, what's the point of me having litespeed web server if my services can go down in just 1 second.
AntyDDoS protection in our company is a priority, our clients' services must be uptime 24/7, your protection is no protection, we have advanced technology that protects us against all harmful attacks.
If someone will tell me that mod_security can secure your websites, no it can't, mod_security is an open source solution which doesen't really help that much, specially on DoS large DDoS attacks ;).

If you don't support a simple Apache module, unfortunately I can't use your software.

We tried to integrate it for several hours, but to no luck. Apache has no problems with this.

That's why we resigned with LiteSpeed due to incompatibility
 

Pong

Administrator
Staff member
#8
RemoteIPProxyProtocol has been added to our to do list. You can switch back to apache at this stage until Litespeed includes it in the future release.
 
Top