Ski Kacoroski wrote: > Hi, > > The situation is that a friend's datacenter lost all power. Once power > was restored their main web server (solaris 8, apache 1.3.26, openssl > 0.9.6g) would not run and ssh did not work. They found that prngd was > not working and the config file in /etc was missing so they copied over > a config file from a test server and voila, ssh works, but apache still > fails with this error: > > [Thu Oct 29 23:36:46 2009] [error] mod_ssl: Init: (www.company.org:443) > Unable to create SSL Proxy context (OpenSSL library error follows) > [Thu Oct 29 23:36:46 2009] [error] OpenSSL: > error:140A90A1:lib(20):func(169):reason(161) > > Searching the web, this seems to have something to do with > > "I would therefore say, function 169 (SSL_CTX_new) complains about error > 161 LIBRARY_HAS_NO_CIPHERS. You did not call SSL_library_init()." > > It starts fine if you disable ssl. Now to confuse things even more, she > has two versions of apache. The version that fails (above) is has a > process limit of 512 (call it binary512). For grins my friend tried an > older binary that has a process limit of 256 (call it binary256) and it > worked. Aha she thought, perhaps the binary512 is corrupted so she > copied over the binary512 from the test machine where it works fine and > tried to run it on the production server. No luck. BTW the way, both > binaries are built with ssl statically linked into them. > > Any ideas on how to debug this? Since there was file corruption the > best solution would be to rebuild the server, but that is really not an > option (lack of hardware and who knows where the cd's are to rebuild > it). What has me confused is why binary512 works on the test server and > not on the production server and why binary256 works on both servers. > The only difference that I know of is the prngd problem and I am not > sure how this could be causing a problem. > > Thanks for your comments and thoughts. > > cheers > > ski >
So, marginally apropos, but why not just use /dev/random? There's a patch for Solaris8 that supplies /dev/random. Why run and depend on an extra process (prngd) when you don't need to? _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
