Hi Zack,
On Thu, Apr 25, 2013 at 08:46:57PM +, Connelly, Zachary (CGI Federal) wrote:
Lukas (et al),
I pulled down the latest code and compiled (thanks for the build fix). I'm
still getting the same problem with the latest code. Despite compiling with
the debug options as specified
Hi!
report the exact snapshot you used.
He is at current HEAD by using 20130425 with c621d36ba applied
manually on it (linux 2.6.18 without tproxy support).
He also saw the crashes in -dev18, but I had him update the code.
Thanks,
Lukas
@formilux.org
*Subject:* RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi!
Please also note that the second SOAP call made that fails
the handshake also causes the HAProxy server to crash.
Could you:
- use latest snapshot from [1]
- provide the output of haproxy -vv
- can you tell us
-Original Message-
From: Emeric Brun [mailto:eb...@exceliance.fr]
Sent: Friday, April 26, 2013 6:04 AM
To: Connelly, Zachary (CGI Federal)
Cc: Lukas Tribus; Baptiste; haproxy@formilux.org
Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi don't understand:
You said using
Zack,
On Fri, Apr 26, 2013 at 02:12:46PM +, Connelly, Zachary (CGI Federal) wrote:
Emeric,
I'm not sure about that either actually. We definitely only have 0.9.8~
versions on the box and I explicitly reference the 0.9.8y library when I
compile the executable:
TARGET=linux26
On Fri, Apr 26, 2013 at 06:25:38PM +0200, Willy Tarreau wrote:
We've checked with Emeric and I can confirm that the SSL struct changed
between the two versions, which exactly explains the 8 bytes offset we
found for ssl-sid_ctx_length which pointed to some wrong location.
I have added a
Thanks Willy/Emeric! I will try and track down the OpenSSL and we have and
ensure we got the right versions. I did add the ADDINC parameter to the build
to explicitly point to the include linked with the lib and same error occurred.
I will also download the two fixes from today and see if the
Two things:
1. After taking the two patches, ran version and am definitely getting
different versions. I'll have to look into how this could be with the admins
some more.
Built with OpenSSL version : OpenSSL 1.0.0a 1 Jun 2010
Running on OpenSSL version : OpenSSL 0.9.8y 5 Feb 2013
On Fri, Apr 26, 2013 at 06:22:57PM +, Connelly, Zachary (CGI Federal) wrote:
Two things:
1. After taking the two patches, ran version and am definitely getting
different versions. I'll have to look into how this could be with the admins
some more.
Built with OpenSSL
Hi,
If it can help, I've been in touch with Emeric about SSL handshake
failure since
some times now but it's maybe preferable to use the ML to share
experience.
I'm using the following cipher filter list :
'ALL:!SSLv2:!eNULL:!aNULL:!LOW:!EXPORT:!kECDH:!MD5:@STRENGTH'
The PEM file I used is
Tribus [mailto:luky...@hotmail.com]
Sent: Wednesday, April 24, 2013 12:36 PM
To: Connelly, Zachary (CGI Federal); Baptiste
Cc: haproxy@formilux.org
Subject: RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi!
Please also note that the second SOAP call made that fails
the handshake
Subject: RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Lukas (et al),
Here's what I have so far:
1. use latest snapshot from [1] - I'll work on this today
2. provide the output of haproxy -vv - Output below
Sharing sig_handlers with pipe
Sharing pendconn with pipe
HA
list.
I'm CC'ing the list, maybe someone else finds this useful.
Regards,
Lukas
From: zachary.conne...@cgifederal.com
To: luky...@hotmail.com
Subject: RE: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Date: Thu, 25 Apr 2013 20:41:47 +
@formilux.org
Subject: Re: Follow-up on thread 'SSL handshake failure' from 2/5/2013
Hi Zachary,
It sounds your application server is not aware the connections was made over a
SSL socket on HAProxy frontend and tries to redirect the user on the same
socket but on HTTP protocol.
To figure out
Hi!
Please also note that the second SOAP call made that fails
the handshake also causes the HAProxy server to crash.
Could you:
- use latest snapshot from [1]
- provide the output of haproxy -vv
- can you tell us OS, kernel and openssl version?
- compile haproxy with debug and without
Hi Zachary,
It sounds your application server is not aware the connections was
made over a SSL socket on HAProxy frontend and tries to redirect the
user on the same socket but on HTTP protocol.
To figure out if this is really the case, and to know how to fix it,
you can read this blog article:
16 matches
Mail list logo
