WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-users

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, e

from [Mark Pryor] [Permanent Link][Original]
To: Niklas Bivald <niklas@xxxxxxxxxx>
Subject: Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0
From: Mark Pryor <tlviewer@xxxxxxxxx>
Date: Fri, 4 Feb 2011 17:37:16 -0800 (PST)
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 04 Feb 2011 17:38:33 -0800
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s1024; t=1296869836; bh=NXhitj5BYy0FifJxO7gTfAsMS9N40B8iAz8DoZ5GZf0=; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=VMgUtFomExBxybeG3X/xE/4/vtQKnnyCVPD0sGJQ/FkWnBQfGYaiopzR9A2fGmmbSpxa9V/nwAv0HlUz7HCwYGUaObKk9lKcyKpeWFarkfe1nMO+jX5O5pY+51xD0O9UcdF6rspJE0IeSJB9xAEAR+t9sWNtaQNmc6NQlPuVhcE=
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=s1024; d=yahoo.com; h=Message-ID:X-YMail-OSG:Received:X-Mailer:Date:From:Subject:To:Cc:In-Reply-To:MIME-Version:Content-Type:Content-Transfer-Encoding; b=JmiytsN8Cs8U3ImRgqGo0Fk+M7IlI3Fux2tIEA7HIz6wT1MKZvQL5vr8N56I/cfo25qUOI72V+n6WgT/LvocB/gxMS26ngX0DY75OsLMgTjCEwGhIm2qDFdiQrEupqBCFF2ReennmDLbJnjFdpEN2vnPtYZ/MCzRBFpjKyIsuSY=;
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <D0515A04-8B17-4179-824D-C1EE38092D81@xxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx 
Hello,

not sure about Debian, but on Ubuntu I needed

$sudo apt-get install ca-certificates ssl-cert

-- 
Mark


--- On Fri, 2/4/11, Niklas Bivald <niklas@xxxxxxxxxx> wrote:

> From: Niklas Bivald <niklas@xxxxxxxxxx>
> Subject: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, 
> etc.) but OK on Dom0
> To: xen-users@xxxxxxxxxxxxxxxxxxx
> Date: Friday, February 4, 2011, 6:42 AM
> Hi,
> 
> First of all I've googled this subject a lot (several
> hours) but right now I'm simply stuck. All my 4 DomU fails
> SSL handshake:
> 
> > niklas@stats:~$ curl -vI https://graph.facebook.com
> > * About to connect() to graph.facebook.com port 443
> (#0)
> > *   Trying 69.63.181.58... connected
> > * Connected to graph.facebook.com (69.63.181.58) port
> 443 (#0)
> > * successfully set certificate verify locations:
> > *   CAfile: none
> >   CApath: /etc/ssl/certs
> > * SSLv3, TLS handshake, Client hello (1):
> Hangs for 2 minutes...
> > * Unknown SSL protocol error in connection to
> graph.facebook.com:443 
> > * Closing connection #0
> > curl: (35) Unknown SSL protocol error in connection to
> graph.facebook.com:443 
> 
> 
> But the same request works fine on Dom0. To make it even
> more weird, some https requests works. The failure is not
> program specific (curl, wget and apt-get all has the same
> error).
> 
> Running debian lenny.
> 
> > uname -a
> 
> > Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13
> 21:39:38 UTC 2009 x86_64 GNU/Linux
> 
> DomUs has a different IP-serie then Dom0
> (net.ipv4.ip_forward = 1)
> 
> I've re-installed openssl, run apt-get upgrade, pretty much
> all that I can possibly think of. I'm running out of ideas.
> 
> Can anyone point me in the right direction?
> 
> Example of ssl/https that doesn't work:
> >     graph.facebook.com (http works fine
> though)
> >     apt-get update with the
> security.debian.org mirror
> 
> Example that works:
> >     www.nordea.se
> 
> 
> Regards,
> Niklas
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users
> 




_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Xen-users] Xen networking newbie, Emir Sosa
Next by Date:  Re: [Xen-users] network interrupted when booting or shutting down DomU's on SLES11, Bart Coninckx
Previous by Thread:  [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0, Niklas Bivald
Next by Thread:  Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0, Niklas Bivald
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy