Dave, Thanks for your response. Please find the response for your queries below.
1. Yes, we are trying to upgrade it. But before that we are trying it in our testbeds and all possible options for the fix. 2. The errno is 104 and it is "Connection reset by peer" 3. Can you help us with the above errno and our next step will be to take the tcpdump / network trace. 4. We will check on the iptables and the setup. Thanks & Regards ________________________ Karthikeyan Thirumal ADD-Web-NXP-India, Application Development Delivery iNautix Technologies India Private Limited, an affiliate of Pershing LLC, a subsidiary of The Bank of New York Mellon Corporation http://www.inautix.co.in VOIP: 612-15112 Email: kthiru...@inautix.co.in<mailto:kthiru...@inautix.co.in> Information Classification: Internal Use Only From: owner-openssl-us...@openssl.org [mailto:owner-openssl-us...@openssl.org] On Behalf Of Dave Thompson Sent: Tuesday, January 07, 2014 4:08 AM To: openssl-users@openssl.org Subject: RE: Open SSL errors increase in Linux compared with Solaris 1: 0.9.8a is VERY old, and contains quite a few security flaws that have been fixed since. Even if your application(s) can't accept the fairly small changes needed to move to 1.0.0 or better 1.0.1, try at least to move up to or near 0.9.8y. 2: whenever you get ERROR_SYSCALL you should always look at errno on Unix (or [WSA}GetError() on Windows). What is it? 3: there are various TCP or (mostly) IP level errors that can cause a TCP connection initiation (also called handshake, but not to be confused with the SSL/TLS handshake) to fail. It wouldn't surprise me if the Linux stack returns errors to the application process in some cases that Solaris does not - or vice versa. If the errno value isn't specific enough, get a network trace on the Linux box (with tcpdump) or a machine very close: I like wireshark on Windows, also available for MacOSX, and usually one of those either exists or can be temporarily put on the desired network segment. 4: it is also possible there are actually more errors. Are you sure the Linux box's network adapter and cable are solidly good? Do any other applications (especially inbound) on that box get errors? Linux or at least most versions have iptables which functions as an IP firewall - is yours set in a way that interferes with some (or even all?) desired TCP connections? From: owner-openssl-us...@openssl.org<mailto:owner-openssl-us...@openssl.org> [mailto:owner-openssl-us...@openssl.org] On Behalf Of Arjunan, Karthikeyan Sent: Thursday, January 02, 2014 06:14 To: openssl-users@openssl.org<mailto:openssl-users@openssl.org> Cc: Arjunan, Karthikeyan Subject: Open SSL errors increase in Linux compared with Solaris Hi, We have migrated from openssl-0.9.8a Solaris to Linux version. We find that there is a drastic increase in the SSL_ERROR_SYSCALL in Linux openssl version compared to Solaris. I am using SSL_accept which returns a negative value . The return code for SSL_get_error is 5. Please advise how to reduce the increase in error . Thanks, Karthikeyan Arjunan ****************************************************** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ****************************************************** ****************************************************** This message and any files or attachments sent with this message contain confidential information and is intended only for the individual named. If you are not the named addressee, you should not disseminate, distribute, copy or use any part of this email. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return Email. Email transmission cannot be guaranteed to be secure or error-free as information can be intercepted, corrupted, lost, destroyed, late, incomplete or may contain viruses. The sender, therefore, does not accept liability for any errors or omissions in the contents of this message, which arise as a result of email transmission. ******************************************************
