[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0

  • To: Niklas Bivald <niklas@xxxxxxxxxx>
  • From: Mark Pryor <tlviewer@xxxxxxxxx>
  • Date: Fri, 4 Feb 2011 17:37:16 -0800 (PST)
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Fri, 04 Feb 2011 17:38:33 -0800
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=JmiytsN8Cs8U3ImRgqGo0Fk+M7IlI3Fux2tIEA7HIz6wT1MKZvQL5vr8N56I/cfo25qUOI72V+n6WgT/LvocB/gxMS26ngX0DY75OsLMgTjCEwGhIm2qDFdiQrEupqBCFF2ReennmDLbJnjFdpEN2vnPtYZ/MCzRBFpjKyIsuSY=;
  • List-id: Xen user discussion <xen-users.lists.xensource.com>
Hello,

not sure about Debian, but on Ubuntu I needed

$sudo apt-get install ca-certificates ssl-cert

-- 
Mark


--- On Fri, 2/4/11, Niklas Bivald <niklas@xxxxxxxxxx> wrote:

> From: Niklas Bivald <niklas@xxxxxxxxxx>
> Subject: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, 
> etc.) but OK on Dom0
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Date: Friday, February 4, 2011, 6:42 AM
> Hi,
> 
> First of all I've googled this subject a lot (several
> hours) but right now I'm simply stuck. All my 4 DomU fails
> SSL handshake:
> 
> > niklas@stats:~$ curl -vI https://graph.facebook.com
> > * About to connect() to graph.facebook.com port 443
> (#0)
> > *   Trying 69.63.181.58... connected
> > * Connected to graph.facebook.com (69.63.181.58) port
> 443 (#0)
> > * successfully set certificate verify locations:
> > *   CAfile: none
> >   CApath: /etc/ssl/certs
> > * SSLv3, TLS handshake, Client hello (1):
> Hangs for 2 minutes...
> > * Unknown SSL protocol error in connection to
> graph.facebook.com:443 
> > * Closing connection #0
> > curl: (35) Unknown SSL protocol error in connection to
> graph.facebook.com:443 
> 
> 
> But the same request works fine on Dom0. To make it even
> more weird, some https requests works. The failure is not
> program specific (curl, wget and apt-get all has the same
> error).
> 
> Running debian lenny.
> 
> > uname -a
> 
> > Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13
> 21:39:38 UTC 2009 x86_64 GNU/Linux
> 
> DomUs has a different IP-serie then Dom0
> (net.ipv4.ip_forward = 1)
> 
> I've re-installed openssl, run apt-get upgrade, pretty much
> all that I can possibly think of. I'm running out of ideas.
> 
> Can anyone point me in the right direction?
> 
> Example of ssl/https that doesn't work:
> >     graph.facebook.com (http works fine
> though)
> >     apt-get update with the
> security.debian.org mirror
> 
> Example that works:
> >     www.nordea.se
> 
> 
> Regards,
> Niklas
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.