On 30 January 2014 22:21, Lukas Tribus <luky...@hotmail.com> wrote: > Hi, > > > > If anyone has any thoughts or insights I'd be intrigued to hear them > > and if you want to reproduce and have difficulties doing so I'd be > > happy to help. > > Please provide the smallest config you can reproduce the problem with > and the output of "haproxy -vv". I cannot currently reproduce this. > Also, can you please provide: > ldd haproxy >
[root@localhost ~]# ldd /usr/sbin/haproxy linux-vdso.so.1 => (0x00007fff3e5d1000) libcrypt.so.1 => /lib64/libcrypt.so.1 (0x00007fdd7c79e000) libssl.so.10 => /usr/lib64/libssl.so.10 (0x00007fdd7c541000) libcrypto.so.10 => /usr/lib64/libcrypto.so.10 (0x00007fdd7c1a6000) libpcreposix.so.0 => /usr/lib64/libpcreposix.so.0 (0x00007fdd7bfa4000) libpcre.so.0 => /lib64/libpcre.so.0 (0x00007fdd7bd78000) libc.so.6 => /lib64/libc.so.6 (0x00007fdd7b9e4000) libfreebl3.so => /lib64/libfreebl3.so (0x00007fdd7b782000) libgssapi_krb5.so.2 => /lib64/libgssapi_krb5.so.2 (0x00007fdd7b53e000) libkrb5.so.3 => /lib64/libkrb5.so.3 (0x00007fdd7b257000) libcom_err.so.2 => /lib64/libcom_err.so.2 (0x00007fdd7b053000) libk5crypto.so.3 => /lib64/libk5crypto.so.3 (0x00007fdd7ae27000) libdl.so.2 => /lib64/libdl.so.2 (0x00007fdd7ac22000) libz.so.1 => /lib64/libz.so.1 (0x00007fdd7aa0c000) /lib64/ld-linux-x86-64.so.2 (0x00007fdd7c9db000) libkrb5support.so.0 => /lib64/libkrb5support.so.0 (0x00007fdd7a801000) libkeyutils.so.1 => /lib64/libkeyutils.so.1 (0x00007fdd7a5fd000) libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fdd7a3e3000) libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fdd7a1c6000) libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fdd79fa6000) > yum info glibc > [root@localhost ~]# rpm -qi glibc Name : glibc Relocations: (not relocatable) Version : 2.12 Vendor: CentOS Release : 1.107.el6_4.5 Build Date: Mon 14 Oct 2013 09:14:18 BST Install Date: Thu 30 Jan 2014 17:59:28 GMT Build Host: c6b8.bsys.dev.centos.org Group : System Environment/Libraries Source RPM: glibc-2.12-1.107.el6_4.5.src.rpm Size : 12947502 License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ Signature : RSA/SHA1, Mon 14 Oct 2013 16:44:18 BST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://sources.redhat.com/glibc/ Summary : The GNU libc libraries > yum info glibc-devel > [root@localhost ~]# rpm -qi glibc-devel Name : glibc-devel Relocations: (not relocatable) Version : 2.12 Vendor: CentOS Release : 1.107.el6_4.5 Build Date: Mon 14 Oct 2013 09:14:18 BST Install Date: Thu 30 Jan 2014 17:59:35 GMT Build Host: c6b8.bsys.dev.centos.org Group : Development/Libraries Source RPM: glibc-2.12-1.107.el6_4.5.src.rpm Size : 988726 License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ Signature : RSA/SHA1, Mon 14 Oct 2013 16:44:18 BST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://sources.redhat.com/glibc/ Summary : Object files for development using standard C libraries. > yum info openssl > [root@localhost ~]# rpm -qi openssl Name : openssl Relocations: (not relocatable) Version : 1.0.0 Vendor: CentOS Release : 27.el6_4.2 Build Date: Mon 04 Mar 2013 22:23:22 GMT Install Date: Thu 30 Jan 2014 14:57:25 GMT Build Host: c6b9.bsys.dev.centos.org Group : System Environment/Libraries Source RPM: openssl-1.0.0-27.el6_4.2.src.rpm Size : 3776670 License: OpenSSL Signature : RSA/SHA1, Mon 04 Mar 2013 22:33:47 GMT, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.openssl.org/ Summary : A general purpose cryptography library with TLS implementation > yum info openssl-devel > > [root@localhost ~]# rpm -qi openssl-devel Name : openssl-devel Relocations: (not relocatable) Version : 1.0.0 Vendor: CentOS Release : 27.el6_4.2 Build Date: Mon 04 Mar 2013 22:23:22 GMT Install Date: Thu 30 Jan 2014 14:57:45 GMT Build Host: c6b9.bsys.dev.centos.org Group : Development/Libraries Source RPM: openssl-1.0.0-27.el6_4.2.src.rpm Size : 2162085 License: OpenSSL Signature : RSA/SHA1, Mon 04 Mar 2013 22:33:47 GMT, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.openssl.org/ > Any other dependencies in haproxy? Did you build with compression or pcre > support? Make line in spec file is: make USE_OPENSSL=1 %{?_smp_mflags} CPU="generic" TARGET="linux26" USE_PCRE=1 USE_REGPARM=1 ADDINC="%{optflags} -I/usr/include/pcre" > If yes, please provide: > yum info pcre > [root@localhost ~]# rpm -qi pcre Name : pcre Relocations: (not relocatable) Version : 7.8 Vendor: CentOS Release : 6.el6 Build Date: Fri 07 Sep 2012 12:03:41 BST Install Date: Thu 30 Jan 2014 14:31:53 GMT Build Host: c6b8.bsys.dev.centos.org Group : System Environment/Libraries Source RPM: pcre-7.8-6.el6.src.rpm Size : 526268 License: BSD Signature : RSA/SHA1, Fri 07 Sep 2012 14:12:35 BST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.pcre.org/ Summary : Perl-compatible regular expression library > yum info pcre-devel > [root@localhost ~]# rpm -qi pcre-devel Name : pcre-devel Relocations: (not relocatable) Version : 7.8 Vendor: CentOS Release : 6.el6 Build Date: Fri 07 Sep 2012 12:03:41 BST Install Date: Thu 30 Jan 2014 14:57:48 GMT Build Host: c6b8.bsys.dev.centos.org Group : Development/Libraries Source RPM: pcre-7.8-6.el6.src.rpm Size : 977019 License: BSD Signature : RSA/SHA1, Fri 07 Sep 2012 14:12:35 BST, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.pcre.org/ > yum info zlib > [root@localhost ~]# rpm -qi zlib Name : zlib Relocations: (not relocatable) Version : 1.2.3 Vendor: CentOS Release : 29.el6 Build Date: Thu 21 Feb 2013 23:02:17 GMT Install Date: Thu 30 Jan 2014 14:31:34 GMT Build Host: c6b9.bsys.dev.centos.org Group : System Environment/Libraries Source RPM: zlib-1.2.3-29.el6.src.rpm Size : 152305 License: zlib and Boost Signature : RSA/SHA1, Sat 23 Feb 2013 17:41:52 GMT, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.gzip.org/zlib/ Summary : The zlib compression and decompression library > yum info zlib-devel > > [root@localhost ~]# rpm -qi zlib-devel Name : zlib-devel Relocations: (not relocatable) Version : 1.2.3 Vendor: CentOS Release : 29.el6 Build Date: Thu 21 Feb 2013 23:02:17 GMT Install Date: Thu 30 Jan 2014 14:57:26 GMT Build Host: c6b9.bsys.dev.centos.org Group : Development/Libraries Source RPM: zlib-1.2.3-29.el6.src.rpm Size : 117496 License: zlib and Boost Signature : RSA/SHA1, Sat 23 Feb 2013 17:40:28 GMT, Key ID 0946fca2c105b9de Packager : CentOS BuildSystem <http://bugs.centos.org> URL : http://www.gzip.org/zlib/ Summary : Header files and libraries for Zlib development > Are you able to reproduce this with a "openssl s_connect" command? That > would provide more SSL related output (like the cipher used to connect). > > > My colleague was trying to tie it down to specific ciphers - I'll catch up with him tomorrow to see if he managed to narrow it down... however in a test VM I just went through all of LOW and MEDIUM and only the KRB based and PSK-RC4-SHA where there was not an agreement on cipher to use didn't die ... saying HIGH on it's own had a proper connection. If you have somewhere I can send a VM image to I can cleanse my test image of any of our data and send it on over - compressed it's about a couple of hundred meg I think. Cheers, James