Hello all,

It looks like we've run into a limit for the length of an SSL hostname in
relayd.

If we define a relay with a hostname that is longer than 32 characters,
we get the following:

Feb 1 22:14:00 fw02 relayd[22062]: fatal: relay_init: failed to create SSL context: No buffer space available

However, shorter hostnames do not cause relayd to throw the error. We've
tested this with multiple domain names.

Is this an expected behavior of relayd?

Here is the defined protocol and the relay giving us the issue in
relayd.conf (FQDN censored):

http protocol "httpsfilter" {
        tcp { nodelay, sack, socket buffer 65536, backlog 100 }
        return error
        header append "$REMOTE_ADDR" to "X-Forwarded-For"
        header append "$SERVER_ADDR:$SERVER_PORT" to "X-Forwarded-By"
        header change "Keep-Alive" to "$TIMEOUT"
        ssl { sslv3, tlsv1, no sslv2, ciphers "HIGH:MEDIUM:!aNULL:+SHA1:+MD5:+HIGH:+MEDIUM" }
}

relay "****************.************.com" {
        listen on "****************.************.com" port 443 ssl
        protocol "httpsfilter"
        forward to <web_hosts> port 443 mode loadbalance check http "/" code 200
}

--
Thanks,
Andrew Klettke
Optic Fusion NOC
253-830-2943