** Changed in: openssl (Ubuntu)
Status: Incomplete => Won't Fix
** Changed in: apache (Ubuntu)
Status: Confirmed => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to a duplicate bug report (857636).
** Changed in: openssl (Ubuntu)
Status: Confirmed => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to a duplicate bug report (857636).
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults when
Jason, it'd probably be best to file a new bug report, openssl and
apache have both changed a fair amount in the last five years.
Thanks
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
This bug has been driving me insane lately - or if it is not the same
bug then the symptoms are identical.
What I have is a 14.04.2 LTS server that has had a Rails app running for
some time without this problem. Now, approx a month ago, I started
seeing this problem where on Firefox I
** Changed in: oem-priority/lucid
Status: New = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults when using TLSv1
To manage
The workaround is to use apache2-mpm-prefork. We haven't seen this
outside of the internal environment. Also, we're upgrading to 12.04
soon, and have been using the workaround for a while now. Hence the low
priority.
** Changed in: apache (Ubuntu)
Importance: Undecided = Low
** Changed in:
workaround in place
** Changed in: oem-priority
Status: Confirmed = Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults when using TLSv1
What's the workaround? You disabled TLSv1?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults when using TLSv1
To manage notifications about this bug go
Okay, hexr is acting up again. Here is some verbose gnutls-client output
:
$ gnutls-cli -d 5 hexr.canonical.com
Resolving 'hexr.canonical.com'...
Connecting to '91.189.89.67:443'...
|3| HSK[0x10e1b30]: Keeping ciphersuite: DHE_RSA_AES_128_CBC_SHA256
|3| HSK[0x10e1b30]: Keeping ciphersuite:
Interestingly, I can't reproduce with openssl. As such, this _may_ be a
different bug than in the description. One important difference between
openssl and both firefox/gnutls is that openssl uses SSLv3, whereas both
firefox and gnutls use TLSv1. So it would appear that hexr handles all
SSLv3
here is the tshark version of a failure when using gnutls
** Attachment added: packet caputre using gnutls
https://bugs.launchpad.net/oem-priority/+bug/795355/+attachment/2681607/+files/output
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
Packet capture of a few attempts to reproduce the failure via 'gnutls-
cli -d 5 hexr.canonical.com'. There will be a few successful handshakes
before there is a failure. You'll notice at frame 1086 we have Alert
(Level: Fatal, Description: Bad Record MAC) sent from the client to the
server,
See previous comment.
One thing I forgot to mention is both of these captures look pretty
dirty on the TCP protocol level, with dup acks from the server to me and
other weirdness.
** Attachment added: hexr_failure_firefox.pcap
Capture illustrating several successful connections with openssl
s_client -connect hexr.canonical.com:443. The large difference here is
that openssl uses SSLv3 as opposed to TLSv1. No duplicate acks here for
whatever reason.
** Attachment added: hexr_succed_openssl.pcap
Packet capture of a few attempts to reproduce the failure with firefox.
There will be a few successful handshakes before there is a failure.
You'll notice at frame 1086 we have TLSv1 Record Layer: Alert (Level:
Fatal, Description: Decrypt Error) sent from the client to the server,
notifying that
** Summary changed:
- Intermittent SSL connection faults
+ Intermittent SSL connection faults when using TLSv1
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL
** Changed in: oem-priority
Importance: High = Medium
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults when using TLSv1
To manage notifications
another report, with openssl 0.9.8g http://www.hiawatha-
webserver.org/weblog/24
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults when using TLSv1
To
could be a memory allocation issue.
https://code.google.com/p/cherokee/issues/detail?id=594
** Bug watch added: code.google.com/p/cherokee/issues #594
http://code.google.com/p/cherokee/issues/detail?id=594
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
** Also affects: apache (Ubuntu)
Importance: Undecided
Status: New
** Changed in: apache (Ubuntu)
Status: New = Confirmed
** Changed in: apache (Ubuntu)
Assignee: (unassigned) = Canonical Server Team (canonical-server)
--
You received this bug notification because you are
I tried to reproduce this, and unfortunately I haven't been able to get
any failures since I did the first time in comment #24. When it does
happen it is because the certificate is invalid.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to
I don't have an easy, nor hard way, to reproduce this. At one point we
suspected SNI was the culprit, because while the problem was happening,
disabling it on the client made it work, but later that was not
confirmed.
I also left a machine up with about 5 SSL vhosts and a script connecting
to
This happened a lot yesterday on the hexr.canonical.com server. It's not
in a pattern I can predict, nor does it only happen on certain pages.
When it's happening, it affects both serving of the web app and the
static assets.
--
You received this bug notification because you are a member of
Okay, I just got a failure from hexr. I'm going to debug this as much as
possible from the client side and then we'll take a look in to debugging
hexr to diagnose the problem.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Would one of those affected be able to point me to either a test system
or an easy way to reproduce the problem? I think more debugging data is
needed.
** Changed in: openssl (Ubuntu)
Assignee: (unassigned) = James M. Leddy (jm-leddy)
--
You received this bug notification because you are a
Interesting, comment #18 seems to confirm this is an apache bug, or at
least that apache2-mpm-prefork is required to reproduce this problem.
However, the bug description points to this being a problem in the
library because of anecdotal dovecot errors. Does anyone know if those
dovecot bugs were
On the contrary, apache2-mpm-worker is required to reproduce the
problem. The problem does not happen with apache2-mpm-prefork.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
** Changed in: oem-priority
Assignee: Colin Watson (cjwatson) = Steve Magoun (smagoun)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
To manage
Since I switched from apache2-mpm-worker to apache2-mpm-prefork over a
month ago, the problem has not happened even once.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent
Since it wasn't an issue with openssl, I think the next step to try
would be a backport of apache2 from Oneiric to lucid...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent
I was seeing this exact error (on Lucid), and yesterday I switched from
apache2-mpm-worker to apache2-mpm-prefork and so far after 24 hours the
problem hasn't happened again. It's too early to tell if this is a
permanent fix but you might consider trying this and see if it helps.
--
You
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: openssl (Ubuntu)
Status: New = Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
The natty-lucid backport was completed (and installed on oem-ibs), and
the same issue was experienced again yesterday.
What other information/testing can IS provide?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
@Darren - did you try the natty--Lucid backport you mentioned in
comment #6?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
To manage notifications
** Also affects: oem-priority/lucid
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
To manage
** Changed in: oem-priority
Assignee: Canonical Platform QA Team (canonical-platform-qa) = Canonical
Foundations Team (canonical-foundations)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Colin, do you know what's going on here?
** Changed in: oem-priority
Assignee: Canonical Foundations Team (canonical-foundations) = Colin
Watson (cjwatson)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Set OEM-Priority importance, this is driving us nuts :)
** Changed in: oem-priority
Status: New = Confirmed
** Changed in: oem-priority
Importance: Undecided = High
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
** Changed in: oem-priority
Assignee: (unassigned) = Canonical Platform QA Team
(canonical-platform-qa)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection
** Also affects: oem-priority
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
To manage notifications
Right now, admin.landscape.canonical.com is failing again:
andreas@nsn2:~$ gnutls-cli admin.landscape.canonical.com
Resolving 'admin.landscape.canonical.com'...
Connecting to '91.189.90.188:443'...
*** Fatal error: Decryption has failed.
*** Handshake has failed
GNUTLS ERROR: Decryption has
I guess the output is not so interesting after all. It only shows that
gnutls-cli-debug didn't manage to establish a secure session. After the
graceful, it's working again as expected.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Do any of you have compression (deflate) enabled server-side on these
machines where the error occurs?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
On 06/28/2011 04:02 AM, Andreas Hasenack wrote:
Do any of you have compression (deflate) enabled server-side on these
machines where the error occurs?
Deflate was disabled during inital testing on the oem-ibs site.
--
You received this bug notification because you are a member of Ubuntu
I also see this with other servers, like admin.landscape.canonical.com.
We are using a wildcard cert, I suspect the OP is too.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Interesting...I think the next thing to try would be a backport of
openssl from natty to lucid. I can prepare one if you are willing to
give it a try...
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Do you know of some good debugging options we could use on the server
side? I'm reading through the docs right now. We could enable debugging
on our staging server I think, even if it takes days or weeks for the
problem to happen again.
About trying the backport, I'll leave that question for our
Not really, besides LogLevel debug, but that will fill up your log
file.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
To manage notifications
Hi I'll try backporting the Natty openssl package and see how it goes.
Not using a wildcard cert, although I have tested with one, as well as
two seperate certs.
I have plenty of Apache debug logs, I'll distill some and upload when I
have a moment Here's an ssldump that accompanied the s_client
And Lucid openssl 0.9.8k-7ubuntu8.6
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/795355
Title:
Intermittent SSL connection faults
To manage notifications about this bug go to:
50 matches
Mail list logo
