[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0

Hi,

Unfortunately, no luck. I'll keep digging. 

Regards,
Niklas

On 5 feb 2011, at 02.37, Mark Pryor wrote:

> Hello,
> 
> not sure about Debian, but on Ubuntu I needed
> 
> $sudo apt-get install ca-certificates ssl-cert
> 
> -- 
> Mark
> 
> 
> --- On Fri, 2/4/11, Niklas Bivald <niklas@xxxxxxxxxx> wrote:
> 
>> From: Niklas Bivald <niklas@xxxxxxxxxx>
>> Subject: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, 
>> etc.) but OK on Dom0
>> To: xen-users@xxxxxxxxxxxxxxxxxxx
>> Date: Friday, February 4, 2011, 6:42 AM
>> Hi,
>> 
>> First of all I've googled this subject a lot (several
>> hours) but right now I'm simply stuck. All my 4 DomU fails
>> SSL handshake:
>> 
>>> niklas@stats:~$ curl -vI https://graph.facebook.com
>>> * About to connect() to graph.facebook.com port 443
>> (#0)
>>> *   Trying 69.63.181.58... connected
>>> * Connected to graph.facebook.com (69.63.181.58) port
>> 443 (#0)
>>> * successfully set certificate verify locations:
>>> *   CAfile: none
>>>    CApath: /etc/ssl/certs
>>> * SSLv3, TLS handshake, Client hello (1):
>> Hangs for 2 minutes...
>>> * Unknown SSL protocol error in connection to
>> graph.facebook.com:443 
>>> * Closing connection #0
>>> curl: (35) Unknown SSL protocol error in connection to
>> graph.facebook.com:443 
>> 
>> 
>> But the same request works fine on Dom0. To make it even
>> more weird, some https requests works. The failure is not
>> program specific (curl, wget and apt-get all has the same
>> error).
>> 
>> Running debian lenny.
>> 
>>> uname -a
>> 
>>> Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13
>> 21:39:38 UTC 2009 x86_64 GNU/Linux
>> 
>> DomUs has a different IP-serie then Dom0
>> (net.ipv4.ip_forward = 1)
>> 
>> I've re-installed openssl, run apt-get upgrade, pretty much
>> all that I can possibly think of. I'm running out of ideas.
>> 
>> Can anyone point me in the right direction?
>> 
>> Example of ssl/https that doesn't work:
>>>     graph.facebook.com (http works fine
>> though)
>>>     apt-get update with the
>> security.debian.org mirror
>> 
>> Example that works:
>>>     www.nordea.se
>> 
>> 
>> Regards,
>> Niklas
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
>> 
> 
> 
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.