WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-users

Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, e

To: Mark Pryor <tlviewer@xxxxxxxxx>
Subject: Re: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, etc.) but OK on Dom0
From: Niklas Bivald <niklas@xxxxxxxxxx>
Date: Sat, 5 Feb 2011 14:49:49 +0100
Cc: xen-users@xxxxxxxxxxxxxxxxxxx
Delivery-date: Sat, 05 Feb 2011 05:51:17 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
In-reply-to: <565545.97677.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:xen-users-request@lists.xensource.com?subject=help>
List-id: Xen user discussion <xen-users.lists.xensource.com>
List-post: <mailto:xen-users@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-users>, <mailto:xen-users-request@lists.xensource.com?subject=unsubscribe>
References: <565545.97677.qm@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Sender: xen-users-bounces@xxxxxxxxxxxxxxxxxxx
Hi,

Unfortunately, no luck. I'll keep digging. 

Regards,
Niklas

On 5 feb 2011, at 02.37, Mark Pryor wrote:

> Hello,
> 
> not sure about Debian, but on Ubuntu I needed
> 
> $sudo apt-get install ca-certificates ssl-cert
> 
> -- 
> Mark
> 
> 
> --- On Fri, 2/4/11, Niklas Bivald <niklas@xxxxxxxxxx> wrote:
> 
>> From: Niklas Bivald <niklas@xxxxxxxxxx>
>> Subject: [Xen-users] All DomU failing SSLv3 handshake (curl, apt-get, wget, 
>> etc.) but OK on Dom0
>> To: xen-users@xxxxxxxxxxxxxxxxxxx
>> Date: Friday, February 4, 2011, 6:42 AM
>> Hi,
>> 
>> First of all I've googled this subject a lot (several
>> hours) but right now I'm simply stuck. All my 4 DomU fails
>> SSL handshake:
>> 
>>> niklas@stats:~$ curl -vI https://graph.facebook.com
>>> * About to connect() to graph.facebook.com port 443
>> (#0)
>>> *   Trying 69.63.181.58... connected
>>> * Connected to graph.facebook.com (69.63.181.58) port
>> 443 (#0)
>>> * successfully set certificate verify locations:
>>> *   CAfile: none
>>>    CApath: /etc/ssl/certs
>>> * SSLv3, TLS handshake, Client hello (1):
>> Hangs for 2 minutes...
>>> * Unknown SSL protocol error in connection to
>> graph.facebook.com:443 
>>> * Closing connection #0
>>> curl: (35) Unknown SSL protocol error in connection to
>> graph.facebook.com:443 
>> 
>> 
>> But the same request works fine on Dom0. To make it even
>> more weird, some https requests works. The failure is not
>> program specific (curl, wget and apt-get all has the same
>> error).
>> 
>> Running debian lenny.
>> 
>>> uname -a
>> 
>>> Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13
>> 21:39:38 UTC 2009 x86_64 GNU/Linux
>> 
>> DomUs has a different IP-serie then Dom0
>> (net.ipv4.ip_forward = 1)
>> 
>> I've re-installed openssl, run apt-get upgrade, pretty much
>> all that I can possibly think of. I'm running out of ideas.
>> 
>> Can anyone point me in the right direction?
>> 
>> Example of ssl/https that doesn't work:
>>>     graph.facebook.com (http works fine
>> though)
>>>     apt-get update with the
>> security.debian.org mirror
>> 
>> Example that works:
>>>     www.nordea.se
>> 
>> 
>> Regards,
>> Niklas
>> _______________________________________________
>> Xen-users mailing list
>> Xen-users@xxxxxxxxxxxxxxxxxxx
>> http://lists.xensource.com/xen-users
>> 
> 
> 
> 
> 
> _______________________________________________
> Xen-users mailing list
> Xen-users@xxxxxxxxxxxxxxxxxxx
> http://lists.xensource.com/xen-users


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users

<Prev in Thread] Current Thread [Next in Thread>