Niklas Bivald
2011-Feb-04 14:42 UTC
[Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0
Hi, First of all I''ve googled this subject a lot (several hours) but right now I''m simply stuck. All my 4 DomU fails SSL handshake:> niklas@stats:~$ curl -vI https://graph.facebook.com > * About to connect() to graph.facebook.com port 443 (#0) > * Trying 69.63.181.58... connected > * Connected to graph.facebook.com (69.63.181.58) port 443 (#0) > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1):Hangs for 2 minutes...> * Unknown SSL protocol error in connection to graph.facebook.com:443 > * Closing connection #0 > curl: (35) Unknown SSL protocol error in connection to graph.facebook.com:443But the same request works fine on Dom0. To make it even more weird, some https requests works. The failure is not program specific (curl, wget and apt-get all has the same error). Running debian lenny.> uname -a> Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13 21:39:38 UTC 2009 x86_64 GNU/LinuxDomUs has a different IP-serie then Dom0 (net.ipv4.ip_forward = 1) I''ve re-installed openssl, run apt-get upgrade, pretty much all that I can possibly think of. I''m running out of ideas. Can anyone point me in the right direction? Example of ssl/https that doesn''t work:> graph.facebook.com (http works fine though) > apt-get update with the security.debian.org mirrorExample that works:> www.nordea.seRegards, Niklas _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Mark Pryor
2011-Feb-05 01:37 UTC
Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0
Hello, not sure about Debian, but on Ubuntu I needed $sudo apt-get install ca-certificates ssl-cert -- Mark --- On Fri, 2/4/11, Niklas Bivald <niklas@bivald.com> wrote:> From: Niklas Bivald <niklas@bivald.com> > Subject: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0 > To: xen-users@lists.xensource.com > Date: Friday, February 4, 2011, 6:42 AM > Hi, > > First of all I''ve googled this subject a lot (several > hours) but right now I''m simply stuck. All my 4 DomU fails > SSL handshake: > > > niklas@stats:~$ curl -vI https://graph.facebook.com > > * About to connect() to graph.facebook.com port 443 > (#0) > > * Trying 69.63.181.58... connected > > * Connected to graph.facebook.com (69.63.181.58) port > 443 (#0) > > * successfully set certificate verify locations: > > * CAfile: none > > CApath: /etc/ssl/certs > > * SSLv3, TLS handshake, Client hello (1): > Hangs for 2 minutes... > > * Unknown SSL protocol error in connection to > graph.facebook.com:443 > > * Closing connection #0 > > curl: (35) Unknown SSL protocol error in connection to > graph.facebook.com:443 > > > But the same request works fine on Dom0. To make it even > more weird, some https requests works. The failure is not > program specific (curl, wget and apt-get all has the same > error). > > Running debian lenny. > > > uname -a > > > Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13 > 21:39:38 UTC 2009 x86_64 GNU/Linux > > DomUs has a different IP-serie then Dom0 > (net.ipv4.ip_forward = 1) > > I''ve re-installed openssl, run apt-get upgrade, pretty much > all that I can possibly think of. I''m running out of ideas. > > Can anyone point me in the right direction? > > Example of ssl/https that doesn''t work: > > graph.facebook.com (http works fine > though) > > apt-get update with the > security.debian.org mirror > > Example that works: > > www.nordea.se > > > Regards, > Niklas > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users >_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Niklas Bivald
2011-Feb-05 13:49 UTC
Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0
Hi, Unfortunately, no luck. I''ll keep digging. Regards, Niklas On 5 feb 2011, at 02.37, Mark Pryor wrote:> Hello, > > not sure about Debian, but on Ubuntu I needed > > $sudo apt-get install ca-certificates ssl-cert > > -- > Mark > > > --- On Fri, 2/4/11, Niklas Bivald <niklas@bivald.com> wrote: > >> From: Niklas Bivald <niklas@bivald.com> >> Subject: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0 >> To: xen-users@lists.xensource.com >> Date: Friday, February 4, 2011, 6:42 AM >> Hi, >> >> First of all I''ve googled this subject a lot (several >> hours) but right now I''m simply stuck. All my 4 DomU fails >> SSL handshake: >> >>> niklas@stats:~$ curl -vI https://graph.facebook.com >>> * About to connect() to graph.facebook.com port 443 >> (#0) >>> * Trying 69.63.181.58... connected >>> * Connected to graph.facebook.com (69.63.181.58) port >> 443 (#0) >>> * successfully set certificate verify locations: >>> * CAfile: none >>> CApath: /etc/ssl/certs >>> * SSLv3, TLS handshake, Client hello (1): >> Hangs for 2 minutes... >>> * Unknown SSL protocol error in connection to >> graph.facebook.com:443 >>> * Closing connection #0 >>> curl: (35) Unknown SSL protocol error in connection to >> graph.facebook.com:443 >> >> >> But the same request works fine on Dom0. To make it even >> more weird, some https requests works. The failure is not >> program specific (curl, wget and apt-get all has the same >> error). >> >> Running debian lenny. >> >>> uname -a >> >>> Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13 >> 21:39:38 UTC 2009 x86_64 GNU/Linux >> >> DomUs has a different IP-serie then Dom0 >> (net.ipv4.ip_forward = 1) >> >> I''ve re-installed openssl, run apt-get upgrade, pretty much >> all that I can possibly think of. I''m running out of ideas. >> >> Can anyone point me in the right direction? >> >> Example of ssl/https that doesn''t work: >>> graph.facebook.com (http works fine >> though) >>> apt-get update with the >> security.debian.org mirror >> >> Example that works: >>> www.nordea.se >> >> >> Regards, >> Niklas >> _______________________________________________ >> Xen-users mailing list >> Xen-users@lists.xensource.com >> http://lists.xensource.com/xen-users >> > > > > > _______________________________________________ > Xen-users mailing list > Xen-users@lists.xensource.com > http://lists.xensource.com/xen-users_______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users
Apparently Analagous Threads
- R CMD check --as-cran: sslv3 alert handshake failure
- sslv3 alert handshake failure error
- 'sslv3 alert handshake failure' when using puppet load-balanced through Apache
- [PATCH nbdkit] Add cainfo and capath options to curl plugin
- err: Could not request certificate: sslv3 alert handshake failure error