Hi Andreas, Unbound sets SSL_CTX_set_cipher_list(rc->ctx, "aNULL") in daemon/remote.c, you can get the list of aNULL ciphers(1) with $ openssl ciphers aNULL For me that is a long list of ciphers.
I do not really know what the correct list is to set here. It seems reasonable that authentication has already been handled by dh and unix socket. Best regards, Wouter On 03/11/16 14:38, A. Schulze via Unbound-users wrote: > > Hello, > > after update from 1.5.9 to 1.5.10 "unbound-control reload" no longer work: > > the relevant unbound.conf section: > remote-control: > control-enable: yes > control-interface: /path/to/unbound-control.socket > control-use-cert: no > > # ls -la /path/to/unbound-control.socket > srw-rw---- 1 unbound unbound 0 Nov 3 14:24 /path/to/unbound-control.socket > > # unbound-control reload > error: SSL handshake failed > 140666240513792:error:141640B5:SSL > routines:tls_construct_client_hello:no ciphers > available:ssl/statem/statem_clnt.c:815: > > Andreas
signature.asc
Description: OpenPGP digital signature
