Hi Phil,
It looks very much like the problem I have.
I addressed this issue in the Linux-HA mailinglist, but have not recievied
any suggestions yet.
I found a 'solution' that works for me. But I have no idea of what other
impacts it may have.
See my problem and 'solution' in my original post:
http://lists.linux-ha.org/pipermail/linux-ha/2004-November/012771.html
Regards, Johan
-----Original Message-----
From: lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx
[mailto:lvs-users-bounces@xxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Philip
Hayward
Sent: den 5 november 2004 15:28
To: 'LinuxVirtualServer.org users mailing list.'
Subject: RE: Ldirectord Redhat EL3 SSL checking problem
Hi Horms,
Thanks for the patch.
I have been unable to replicate this on Redhat 8 but have seen it on three
EL3 ES servers and on EL3 Update 2 and 3.
Applying the patch produces the results below.
Thanks for looking into this.
Phil
DEBUG2: Checking negotiate: real
server=negotiate:https:tcp:10.1.1.23:0:50743::\/orukt\/static\/test\.html:te
sted (virtual=tcp:10.1.1.61:0)
DEBUG2: Checking https url="https://10.1.1.23:50743/orukt/static/test.html"
virtualhost="10.1.1.23"
DEBUG2: Testing: 10.1.1.23, 50743, /orukt/static/test.html Opening
connection to 10.1.1.23:50743 (10.1.1.23) at blib/lib/Net/SSLeay.pm
(autosplit into blib/lib/auto/Net/SSLeay/open_tcp_connection.al) line 1463.
Creating SSL 0 context... Creating SSL connection (context was
'143973928')... Setting fd (ctx 143973928, con 143976312)... Entering SSL
negotiation phase... Cipher list: DHE-RSA-AES256-SHA, DHE-RSA-AES256-SHA,
DHE-DSS-AES256-SHA, AES256-SHA, EDH-RSA-DES-CBC3-SHA, EDH-DSS-DES-CBC3-SHA,
DES-CBC3-SHA, DES-CBC3-MD5, DHE-RSA-AES128-SHA, DHE-DSS-AES128-SHA,
AES128-SHA, RC2-CBC-MD5, DHE-DSS-RC4-SHA, EXP-KRB5-RC4-MD5,
EXP-KRB5-RC4-SHA, KRB5-RC4-MD5, KRB5-RC4-SHA, RC4-SHA, RC4-MD5, RC4-MD5,
KRB5-DES-CBC3-MD5, KRB5-DES-CBC3-SHA, RC4-64-MD5,
EXP1024-DHE-DSS-DES-CBC-SHA, EXP1024-DES-CBC-SHA, EXP1024-RC2-CBC-MD5,
KRB5-DES-CBC-MD5, KRB5-DES-CBC-SHA, EDH-RSA-DES-CBC-SHA,
EDH-DSS-DES-CBC-SHA, DES-CBC-SHA, DES-CBC-MD5, EXP1024-DHE-DSS-RC4-SHA,
EXP1024-RC4-SHA, EXP1024-RC4-MD5, EXP-KRB5-RC2-CBC-MD5,
EXP-KRB5-DES-CBC-MD5, EXP-KRB5-RC2-CBC-SHA, EXP-KRB5-DES-CBC-SHA,
EXP-EDH-RSA-DES-CBC-SHA, EXP-EDH-DSS-DES-CBC-SHA, EXP-DES-CBC-SHA,
EXP-RC2-CBC-MD5, EXP-RC2-CBC-MD5, EXP-RC4-MD5, EXP-RC4-MD5\n at
blib/lib/Net/SSLeay.pm (autosplit into
blib/lib/auto/Net/SSLeay/sslcat.al) line 1779.
SSLeay connect returned 1
Cipher `DHE-RSA-AES256-SHA'
Subject Name: /C=GB/ST=London/L=London/O=Digital Rum
Limited/OU=Ticketing/CN=orukt.stg.digitalrum.com
Issuer Name: /C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority sslcat 8280: sending 70 bytes...
write_all VM at entry=vm_unknown
written so far 70:70 bytes (VM=vm_unknown)
waiting for reply...
got 253:0 bytes (VM=vm_unknown).
got 0:253 bytes (VM=vm_unknown).
Got 253 bytes.
DEBUG2: Result: HTTP/1.1 200 OK
DEBUG2: Expected String Present
DEBUG2: Status: 16777215 (fail)
DEBUG2: Disabled server=10.1.1.23
>From the following config:
virtual=10.1.1.61:0
real=10.1.1.23:0 masq
service=https
scheduler=wlc
checkport=50743
request="orukt/static/test.html"
receive="tested"
checktype=negotiate
persistent=300
Apache reports:
[05/Nov/2004:12:57:54 +0000] 10.1.1.200 TLSv1 DHE-RSA-AES256-SHA "GET
/orukt/static/test.html HTTP/1.0" 22
_______________________________________________
LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx Send
requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://www.in-addr.de/mailman/listinfo/lvs-users
|