[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0


First of all I've googled this subject a lot (several hours) but right now I'm 
simply stuck. All my 4 DomU fails SSL handshake:

> niklas@stats:~$ curl -vI https://graph.facebook.com
> * About to connect() to graph.facebook.com port 443 (#0)
> *   Trying connected
> * Connected to graph.facebook.com ( port 443 (#0)
> * successfully set certificate verify locations:
> *   CAfile: none
>   CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
Hangs for 2 minutes...
> * Unknown SSL protocol error in connection to graph.facebook.com:443 
> * Closing connection #0
> curl: (35) Unknown SSL protocol error in connection to graph.facebook.com:443 

But the same request works fine on Dom0. To make it even more weird, some https 
requests works. The failure is not program specific (curl, wget and apt-get all 
has the same error).

Running debian lenny.

> uname -a

> Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13 21:39:38 UTC 2009 
> x86_64 GNU/Linux

DomUs has a different IP-serie then Dom0 (net.ipv4.ip_forward = 1)

I've re-installed openssl, run apt-get upgrade, pretty much all that I can 
possibly think of. I'm running out of ideas.

Can anyone point me in the right direction?

Example of ssl/https that doesn't work:
>       graph.facebook.com (http works fine though)
>       apt-get update with the security.debian.org mirror

Example that works:
>       www.nordea.se

Xen-users mailing list



Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.