LVS
lvs-users
Google
 
Web LinuxVirtualServer.org

[lvs-users] Test weak SSL ciphers with LVS

To: lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Subject: [lvs-users] Test weak SSL ciphers with LVS
From: Son Nguyen <trungson@xxxxxxxxx>
Date: Sun, 27 Oct 2013 11:52:12 -0700
Hello,

I try to test weak ciphers on my LVS-TUN setup, the weak cipher is explicitly 
disabled on the real servers (RIP) and when checking directly with the RIP, no 
handshake was made, which is good and expected. However, when checking with the 
VIP, a good handshake was made (unexpected). Since LVS is Layer 4, I wonder why 
there is this difference.

openssl s_client -connect RIP:443 -cipher DES
=> no handshake, expected

openssl s_client -connect VIP:443 -cipher DES
=> good handshake, unexpected

Thanks
_______________________________________________
Please read the documentation before posting - it's available at:
http://www.linuxvirtualserver.org/

LinuxVirtualServer.org mailing list - lvs-users@xxxxxxxxxxxxxxxxxxxxxx
Send requests to lvs-users-request@xxxxxxxxxxxxxxxxxxxxxx
or go to http://lists.graemef.net/mailman/listinfo/lvs-users

<Prev in Thread] Current Thread [Next in Thread>
  • [lvs-users] Test weak SSL ciphers with LVS, Son Nguyen <=