[nsd-users] nsd-control SSL problems (UNCLASSIFIED)

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Nov 26 09:43:01 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Howard,

On 11/25/2013 09:17 PM, Kash, Howard M CIV (US) wrote:
> Classification: UNCLASSIFIED Caveats: NONE
> 
> 
> I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four
> RedHat 5, 32-bit systems.  On the two RHEL6 systems nsd-control
> works fine.  On the four RHEL5 systems, nsd-control gives "error:
> SSL handshake failed".  In the log file it says "error: remote
> control failed ssl crypto error:140B512D:SSL
> routines:SSL_GET_NEW_SESSION:ssl session id callback failed".  I've
> tried removing the certificates and re-running nsd-control-setup
> with the same result.  All attempts are from localhost.  RHEL6 uses
> OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation
> doesn't specify a requirement for a particular version.  Any
> ideas?

At the start of nsd-control-setup (a shell script), the line
HASH=sha256

change that to HASH=sha1

Then remove the certificates and run the nsd-control-setup script
again, and you have different certificates.  At the start of the
script you can also change the key length (BITS=xx).  I am not sure if
this will work, but older openssl could not have sha256, I believe.

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSlG0gAAoJEJ9vHC1+BF+NBssP/1K+JqdJwZ6cUnUBg57vxD2p
VtxtPYEA447HsUpZ0F7tTu6EJD3ZSH9mtuBy2cE5spISHfNsoNtMt3RveQF9Mivb
Q1w2ueYRxjDRDuUO6cRdsOIkeApxWUC0H9fmtFEpQWbrXfJmAQJ8cJDmDo2FepPz
rcklLv7T1153F1WMqPT6AhUNZptha4ogO4NQafkI/DSS4tD8eapvv4s9uZ1Qzf9Z
kjvVgpYkAf/Mr6lyRLut5c8ISj2lWB5JoLYpG+/7gba5rE9xUMzNvk+pQhh36K7b
oOwwIumDP3GjmVIheoDp4k2TJydYNtkxt66S+fXPOqH5F6Loyiz9Xaoi+pvgZteZ
AJh5bVa/ZxbKra4zx/nwFR1lLTwTXgEe6u7IpMn+pDCEugYv56/H9fKFzPYq9cuQ
5BGSvzWXoKBrrBE24tpe3v34NWZV2R6fnbKdwMTdhtvjz2+fhLRXWPlOJAsSteBV
M9/bPIOdyEHW6Btcx0Cdtome/cGpFEyYq9NVVqSWaRBkkviko2K2Dz2fbwc00RYG
7jgfx5XCJRl1LuV8qECbYZMUGpF5oJ7PRvKFw5IXoX84vTYA/s1NsRpgo6TDUhhT
/CROi2wGJqhl5K+RilaO9dw+nKZoLkNXkHYkURrfaLLNyOhR1AUxbtswkWW9UcmG
vdq96L/PGjWrhy01Jio7
=XsCe
-----END PGP SIGNATURE-----



More information about the nsd-users mailing list