[nsd-users] nsd-control SSL problems (UNCLASSIFIED)
W.C.A. Wijngaards
wouter at nlnetlabs.nl
Tue Nov 26 09:43:01 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Howard,
On 11/25/2013 09:17 PM, Kash, Howard M CIV (US) wrote:
> Classification: UNCLASSIFIED Caveats: NONE
>
>
> I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four
> RedHat 5, 32-bit systems. On the two RHEL6 systems nsd-control
> works fine. On the four RHEL5 systems, nsd-control gives "error:
> SSL handshake failed". In the log file it says "error: remote
> control failed ssl crypto error:140B512D:SSL
> routines:SSL_GET_NEW_SESSION:ssl session id callback failed". I've
> tried removing the certificates and re-running nsd-control-setup
> with the same result. All attempts are from localhost. RHEL6 uses
> OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation
> doesn't specify a requirement for a particular version. Any
> ideas?
At the start of nsd-control-setup (a shell script), the line
HASH=sha256
change that to HASH=sha1
Then remove the certificates and run the nsd-control-setup script
again, and you have different certificates. At the start of the
script you can also change the key length (BITS=xx). I am not sure if
this will work, but older openssl could not have sha256, I believe.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJSlG0gAAoJEJ9vHC1+BF+NBssP/1K+JqdJwZ6cUnUBg57vxD2p
VtxtPYEA447HsUpZ0F7tTu6EJD3ZSH9mtuBy2cE5spISHfNsoNtMt3RveQF9Mivb
Q1w2ueYRxjDRDuUO6cRdsOIkeApxWUC0H9fmtFEpQWbrXfJmAQJ8cJDmDo2FepPz
rcklLv7T1153F1WMqPT6AhUNZptha4ogO4NQafkI/DSS4tD8eapvv4s9uZ1Qzf9Z
kjvVgpYkAf/Mr6lyRLut5c8ISj2lWB5JoLYpG+/7gba5rE9xUMzNvk+pQhh36K7b
oOwwIumDP3GjmVIheoDp4k2TJydYNtkxt66S+fXPOqH5F6Loyiz9Xaoi+pvgZteZ
AJh5bVa/ZxbKra4zx/nwFR1lLTwTXgEe6u7IpMn+pDCEugYv56/H9fKFzPYq9cuQ
5BGSvzWXoKBrrBE24tpe3v34NWZV2R6fnbKdwMTdhtvjz2+fhLRXWPlOJAsSteBV
M9/bPIOdyEHW6Btcx0Cdtome/cGpFEyYq9NVVqSWaRBkkviko2K2Dz2fbwc00RYG
7jgfx5XCJRl1LuV8qECbYZMUGpF5oJ7PRvKFw5IXoX84vTYA/s1NsRpgo6TDUhhT
/CROi2wGJqhl5K+RilaO9dw+nKZoLkNXkHYkURrfaLLNyOhR1AUxbtswkWW9UcmG
vdq96L/PGjWrhy01Jio7
=XsCe
-----END PGP SIGNATURE-----
More information about the nsd-users
mailing list