$ openssl ciphers -v
'ALL:!SSLv2:!eNULL:!aNULL:!LOW:!EXPORT:!kECDH:!MD5:@STRENGTH' \
| while read C dumb; do
echo -n "# $C "
openssl s_client -connect 176.31.104.63:443 -cipher $C <
/dev/null > /dev/null 2>&1 \
&& echo OK \
|| echo FAIL \
done \
| sort -k 3 \
Hi,
If it can help, I've been in touch with Emeric about SSL handshake
failure since
some times now but it's maybe preferable to use the ML to share
experience.
I'm using the following cipher filter list :
'ALL:!SSLv2:!eNULL:!aNULL:!LOW:!EXPORT:!kECDH:!MD5:@STRENGTH'
The PEM file I used is
On Fri, Apr 26, 2013 at 06:22:57PM +, Connelly, Zachary (CGI Federal) wrote:
> Two things:
>
>
>
> 1. After taking the two patches, ran version and am definitely getting
> different versions. I'll have to look into how this could be with the admins
> some more.
>
> Built with OpenSS
Two things:
1. After taking the two patches, ran version and am definitely getting
different versions. I'll have to look into how this could be with the admins
some more.
Built with OpenSSL version : OpenSSL 1.0.0a 1 Jun 2010
Running on OpenSSL version : OpenSSL 0.9.8y 5 Feb 2013 (VERS
Thanks Willy/Emeric! I will try and track down the OpenSSL and we have and
ensure we got the right versions. I did add the ADDINC parameter to the build
to explicitly point to the include linked with the lib and same error occurred.
I will also download the two fixes from today and see if the de
On Fri, Apr 26, 2013 at 06:25:38PM +0200, Willy Tarreau wrote:
> We've checked with Emeric and I can confirm that the SSL struct changed
> between the two versions, which exactly explains the 8 bytes offset we
> found for ssl->sid_ctx_length which pointed to some wrong location.
>
> I have added a
-
From: Emeric Brun [mailto:eb...@exceliance.fr]
Sent: Friday, April 26, 2013 6:04 AM
To: Connelly, Zachary (CGI Federal)
Cc: Lukas Tribus; Baptiste; haproxy@formilux.org
Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi don't understand:
You said using openssl
Zack,
On Fri, Apr 26, 2013 at 02:12:46PM +, Connelly, Zachary (CGI Federal) wrote:
> Emeric,
>
> I'm not sure about that either actually. We definitely only have 0.9.8~
> versions on the box and I explicitly reference the 0.9.8y library when I
> compile the executable:
>
> TARGET=linux26 USE
Zack
-Original Message-
From: Emeric Brun [mailto:eb...@exceliance.fr]
Sent: Friday, April 26, 2013 6:04 AM
To: Connelly, Zachary (CGI Federal)
Cc: Lukas Tribus; Baptiste; haproxy@formilux.org
Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi don't understan
xy@formilux.org
*Subject:* RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi!
Please also note that the second SOAP call made that fails
the handshake also causes the HAProxy server to crash.
Could you:
- use latest snapshot from [1]
- provide the output of haproxy -vv
- c
Hi!
> report the exact snapshot you used.
He is at current HEAD by using 20130425 with c621d36ba applied
manually on it (linux 2.6.18 without tproxy support).
He also saw the crashes in -dev18, but I had him update the code.
Thanks,
Lukas
Hi Zack,
On Thu, Apr 25, 2013 at 08:46:57PM +, Connelly, Zachary (CGI Federal) wrote:
> Lukas (et al),
>
> I pulled down the latest code and compiled (thanks for the build fix). I'm
> still getting the same problem with the latest code. Despite compiling with
> the debug options as specified
ing list.
I'm CC'ing the list, maybe someone else finds this useful.
Regards,
Lukas
> From: zachary.conne...@cgifederal.com
> To: luky...@hotmail.com
> Subject: RE: Follow-up on thread 'SSL handshake failure' from 2/5/2
Cc: haproxy@formilux.org
Subject: RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Lukas (et al),
Here's what I have so far:
1. use latest snapshot from [1] - I'll work on this today
2. provide the output of haproxy -vv - Output below
Sharing sig_handl
From: Lukas Tribus [mailto:luky...@hotmail.com]
Sent: Wednesday, April 24, 2013 12:36 PM
To: Connelly, Zachary (CGI Federal); Baptiste
Cc: haproxy@formilux.org
Subject: RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi!
> Please also note that the second SOAP call mad
Hi!
> Please also note that the second SOAP call made that fails
> the handshake also causes the HAProxy server to crash.
Could you:
- use latest snapshot from [1]
- provide the output of haproxy -vv
- can you tell us OS, kernel and openssl version?
- compile haproxy with debug and without compi
oxy@formilux.org>
Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi Zachary,
It sounds your application server is not aware the connections was made over a
SSL socket on HAProxy frontend and tries to redirect the user on the same
socket but on HTTP protocol.
Hi Zachary,
It sounds your application server is not aware the connections was
made over a SSL socket on HAProxy frontend and tries to redirect the
user on the same socket but on HTTP protocol.
To figure out if this is really the case, and to know how to fix it,
you can read this blog article:
htt
18 matches
Mail list logo