search for: ssl_session_cache

.../var/lib/puppet/ssl/ca/ca_crl.pem; ssl_client_certificate /var/lib/puppet/ssl/certs/ca.pem; ssl_ciphers SSLv2:-LOW:-EXPORT:RC4+RSA; ssl_prefer_server_ciphers on; ssl_verify_client optional; ssl_verify_depth 1; ssl_session_cache shared:SSL:128m; ssl_session_timeout 5m; } } and the puppet.conf [main] # The Puppet log directory. # The default value is ''$vardir/log''. logdir = /var/log/puppet # Where Puppet PID files are kept. # The default value is &...

...reuse SSL sessions in named-based virtual hosts in unrelated contexts, allowing to bypass client certificate authentication in some configurations (CVE-2025-23419). The problem affects nginx 1.11.4 and newer built with OpenSSL if the TLSv1.3 protocol and session resumption are enabled either with ssl_session_cache or ssl_session_tickets. The problem is fixed in 1.26.3 and 1.27.4.

...льзование SSL-сессии в контексте другого виртуального сервера позволяло в некоторых конфигурациях обойти проверку клиентских сертификатов (CVE-2025-23419). Проблеме подвержен nginx 1.11.4 и новее, если он собран с OpenSSL и разрешены протокол TLSv1.3 и повторное использование SSL-сессий при помощи ssl_session_cache или ssl_session_tickets. Проблема исправлена в nginx 1.26.3, 1.27.4.

Changes with nginx 1.2.8 02 Apr 2013 *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora. *) Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest processing. Thanks to Lanshun Zhou. *) Bugfix: in th...

...5. *) Bugfix: the $date_local variable has an incorrect value, if the "%s" format was used. Thanks to Maxim Dounin. *) Bugfix: nginx did not support all ciphers and digests used in client certificates. Thanks to Innocenty Enikeew. *) Bugfix: if ssl_session_cache was not set or was set to "none", then during client certificate verify the error "session id context uninitialized" might occur; the bug had appeared in 0.7.1. *) Bugfix: OpenSSL-1.0.0 compatibility on 64-bit Linux. Thanks to Maxim Dounin. *) Bu...

...×ÌÅÎÉÅ: ÐÅÒÅÍÅÎÎÁÑ $date_local ×ÙÄÁ×ÁÌÁ ÎÅ×ÅÒÎÏÅ ×ÒÅÍÑ, ÅÓÌÉ ÉÓÐÏÌØÚÏ×ÁÌÓÑ ÆÏÒÍÁÔ "%s". óÐÁÓÉÂÏ íÁËÓÉÍÕ äÕÎÉÎÕ. *) éÓÐÒÁ×ÌÅÎÉÅ: nginx ÎÅ ÐÏÄÄÅÒÖÉ×ÁÌ ×ÓÅ ÛÉÆÒÙ, ÉÓÐÏÌØÚÕÅÍÙÅ × ËÌÉÅÎÔÓËÉÈ ÓÅÒÔÉÆÉËÁÔÁÈ. óÐÁÓÉÂÏ éÎÎÏËÅÎÔÉÀ åÎÉËÅÅ×Õ. *) éÓÐÒÁ×ÌÅÎÉÅ: ÅÓÌÉ ssl_session_cache ÎÅ ÂÙÌ ÕÓÔÁÎÏ×ÌÅÎ ÉÌÉ ÕÓÔÁÎÏ×ÌÅÎ × none, ÔÏ ÐÒÉ ÐÒÏ×ÅÒËÅ ËÌÉÅÎÔÓËÏÇÏ ÓÅÒÔÉÆÉËÁÔÙ ÍÏÇÌÁ ÐÒÏÉÓÈÏÄÉÔØ ÏÛÉÂËÁ "session id context uninitialized"; ÏÛÉÂËÁ ÐÏÑ×ÉÌÁÓØ × 0.7.1. *) éÓÐÒÁ×ÌÅÎÉÅ: ÓÏ×ÍÅÓÔÉÍÏÓÔØ Ó OpenSSL-1.0.0 ÎÁ 64-ÂÉÔÎÏÍ Linux. óÐÁÓÉÂÏ íÁËÓÉÍÕ äÕÎÉÎÕ....

...-Error: 504 Gateway Time-out> err: Could not retrieve catalog: HTTP-Error: 504 Gateway Time-out warning: Not using cache on failed catalog real 4m23.383s user 1m10.460s sys 3m8.400s I''m using the setup with nginx described on the wiki [3] I then tried to adjust ssl_session_timout and ssl_session_cache with giving them 10m more. However this didn''t change anything. One run was aborted after the same amount of time. I realized then on the master that it used a hell lot more of memory and that it was nearly by trashing. So I examined more the master and saw, that one of the 4 puppetmaster...

Over the years many shops have come to start running puppet via cron to address memory leaks in earlier versions of Ruby, but the official position was that puppet was meant to be run as a continually running service. I am wondering if the official position has changed. On one hand many if not all of the early Ruby issues have been fixed, on the other, the addition of mcollective into the mix as