Hi, we run into some trouble using the pound 2.6 on CentOS 6.1. For security reasons we need the RC4-SHA Cipher as prefered by the server. This can be accomplished by the SSLHonorCipherOrder 1 directive. The normal 2.6 pound-version is not aware of this, but a 2.6f with a patch (http://goochfriend.org/pound_2.6f_ssl_renegotiation_and_ciphers.patch) by Joe Gooch ([Pound Mailing List] SSL renegotiation DDoS and Pound http://www.mail-archive.com/[email protected]/msg01434.html) the system is able to handle this. We applied the patch to a 2.6f and the pound starts to work with the directive. But we see a lot of seg-faults in the logfile:
Feb 1 13:34:26 pilotpound pound: 2xx.xxx.xxx.x47 GET / HTTP/1.1 - REDIRECT https://www.xxx.xx/ Feb 1 13:34:26 pilotpound kernel: pound[26808]: segfault at 4 ip 08051f5c sp b761fce0 error 4 in pound[8048000+18000] Feb 1 13:34:26 pilotpound pound: MONITOR: worker exited on signal 11, restarting... Feb 1 13:34:28 pilotpound kernel: pound[26936]: segfault at 4 ip 08051f5c sp b77e6ce0 error 4 in pound[8048000+18000] Feb 1 13:34:28 pilotpound pound: MONITOR: worker exited on signal 11, restarting... Feb 1 13:34:30 pilotpound kernel: pound[27067]: segfault at 4 ip 08051f5c sp b77e6ce0 error 4 in pound[8048000+18000] Feb 1 13:34:30 pilotpound pound: MONITOR: worker exited on signal 11, restarting... Feb 1 13:34:32 pilotpound kernel: pound[27198]: segfault at 4 ip 08051f5c sp b77e6ce0 error 4 in pound[8048000+18000] Feb 1 13:34:32 pilotpound pound: MONITOR: worker exited on signal 11, restarting... Feb 1 13:34:34 pilotpound pound: NULL get_thr_arg Feb 1 13:34:34 pilotpound kernel: pound[27329]: segfault at 4 ip 08051f5c sp b77e6ce0 error 4 in pound[8048000+18000] Feb 1 13:34:34 pilotpound pound: MONITOR: worker exited on signal 11, restarting... Feb 1 13:34:36 pilotpound pound: NULL get_thr_arg Feb 1 13:34:36 pilotpound pound: NULL get_thr_arg Feb 1 13:34:36 pilotpound kernel: pound[27460]: segfault at 4 ip 08051f5c sp b77e6ce0 error 4 in pound[8048000+18000] Feb 1 13:34:36 pilotpound kernel: pound[27464]: segfault at 4 ip 08051f5c sp b76e2ce0 error 4 in pound[8048000+18000] Feb 1 13:34:36 pilotpound pound: MONITOR: worker exited on signal 11, restarting... ... There is no trouble with the 2.6f without the patch. Is there a way to get a working pound with SSLHonorCipherOrder awareness for us ? Any suggestions are welcome fatcharly -- Empfehlen Sie GMX DSL Ihren Freunden und Bekannten und wir belohnen Sie mit bis zu 50,- Euro! https://freundschaftswerbung.gmx.de -- To unsubscribe send an email with subject unsubscribe to [email protected]. Please contact [email protected] for questions.
