Kash, Howard M CIV (US)
2013-Nov-25 20:17 UTC
[nsd-users] nsd-control SSL problems (UNCLASSIFIED)
Classification: UNCLASSIFIED Caveats: NONE I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four RedHat 5, 32-bit systems. On the two RHEL6 systems nsd-control works fine. On the four RHEL5 systems, nsd-control gives "error: SSL handshake failed". In the log file it says "error: remote control failed ssl crypto error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed". I've tried removing the certificates and re-running nsd-control-setup with the same result. All attempts are from localhost. RHEL6 uses OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation doesn't specify a requirement for a particular version. Any ideas? Thanks, Howard Classification: UNCLASSIFIED Caveats: NONE
W.C.A. Wijngaards
2013-Nov-26 09:43 UTC
[nsd-users] nsd-control SSL problems (UNCLASSIFIED)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Howard, On 11/25/2013 09:17 PM, Kash, Howard M CIV (US) wrote:> Classification: UNCLASSIFIED Caveats: NONE > > > I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four > RedHat 5, 32-bit systems. On the two RHEL6 systems nsd-control > works fine. On the four RHEL5 systems, nsd-control gives "error: > SSL handshake failed". In the log file it says "error: remote > control failed ssl crypto error:140B512D:SSL > routines:SSL_GET_NEW_SESSION:ssl session id callback failed". I've > tried removing the certificates and re-running nsd-control-setup > with the same result. All attempts are from localhost. RHEL6 uses > OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation > doesn't specify a requirement for a particular version. Any > ideas?At the start of nsd-control-setup (a shell script), the line HASH=sha256 change that to HASH=sha1 Then remove the certificates and run the nsd-control-setup script again, and you have different certificates. At the start of the script you can also change the key length (BITS=xx). I am not sure if this will work, but older openssl could not have sha256, I believe. Best regards, Wouter -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSlG0gAAoJEJ9vHC1+BF+NBssP/1K+JqdJwZ6cUnUBg57vxD2p VtxtPYEA447HsUpZ0F7tTu6EJD3ZSH9mtuBy2cE5spISHfNsoNtMt3RveQF9Mivb Q1w2ueYRxjDRDuUO6cRdsOIkeApxWUC0H9fmtFEpQWbrXfJmAQJ8cJDmDo2FepPz rcklLv7T1153F1WMqPT6AhUNZptha4ogO4NQafkI/DSS4tD8eapvv4s9uZ1Qzf9Z kjvVgpYkAf/Mr6lyRLut5c8ISj2lWB5JoLYpG+/7gba5rE9xUMzNvk+pQhh36K7b oOwwIumDP3GjmVIheoDp4k2TJydYNtkxt66S+fXPOqH5F6Loyiz9Xaoi+pvgZteZ AJh5bVa/ZxbKra4zx/nwFR1lLTwTXgEe6u7IpMn+pDCEugYv56/H9fKFzPYq9cuQ 5BGSvzWXoKBrrBE24tpe3v34NWZV2R6fnbKdwMTdhtvjz2+fhLRXWPlOJAsSteBV M9/bPIOdyEHW6Btcx0Cdtome/cGpFEyYq9NVVqSWaRBkkviko2K2Dz2fbwc00RYG 7jgfx5XCJRl1LuV8qECbYZMUGpF5oJ7PRvKFw5IXoX84vTYA/s1NsRpgo6TDUhhT /CROi2wGJqhl5K+RilaO9dw+nKZoLkNXkHYkURrfaLLNyOhR1AUxbtswkWW9UcmG vdq96L/PGjWrhy01Jio7 =XsCe -----END PGP SIGNATURE-----
Kash, Howard M CIV (US)
2013-Nov-26 12:35 UTC
[nsd-users] nsd-control SSL problems (UNCLASSIFIED)
Classification: UNCLASSIFIED Caveats: NONE I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four RedHat 5, 32-bit systems. On the two RHEL6 systems nsd-control works fine. On the four RHEL5 systems, nsd-control gives "error: SSL handshake failed". In the log file it says "error: remote control failed ssl crypto error:140B512D:SSL routines:SSL_GET_NEW_SESSION:ssl session id callback failed". I've tried removing the certificates and re-running nsd-control-setup with the same result. All attempts are from localhost. RHEL6 uses OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation doesn't specify a requirement for a particular version. Any ideas? Thanks, Howard Classification: UNCLASSIFIED Caveats: NONE