[nsd-users] nsd-control SSL problems (UNCLASSIFIED)
Kash, Howard M CIV (US)
howard.m.kash.civ at mail.mil
Tue Nov 26 12:58:12 UTC 2013
Classification: UNCLASSIFIED
Caveats: NONE
I changed the hash to sha1 and have tried various key lengths (1024, 512)
and keep getting the same error. I will compile OpenSSL 1.0.1e and link
against that to see if it is really an issue with OpenSSL 0.9.8. BTW, I'm
using a sha256 TSIG key and it's working.
Howard
-----Original Message-----
From: nsd-users [mailto:nsd-users-bounces at NLnetLabs.nl] On Behalf Of W.C.A.
Wijngaards
Sent: Tuesday, November 26, 2013 4:43 AM
To: nsd-users at NLnetLabs.nl
Subject: Re: [nsd-users] nsd-control SSL problems (UNCLASSIFIED)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Howard,
On 11/25/2013 09:17 PM, Kash, Howard M CIV (US) wrote:
> Classification: UNCLASSIFIED Caveats: NONE
>
>
> I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four
> RedHat 5, 32-bit systems. On the two RHEL6 systems nsd-control
> works fine. On the four RHEL5 systems, nsd-control gives "error:
> SSL handshake failed". In the log file it says "error: remote
> control failed ssl crypto error:140B512D:SSL
> routines:SSL_GET_NEW_SESSION:ssl session id callback failed". I've
> tried removing the certificates and re-running nsd-control-setup
> with the same result. All attempts are from localhost. RHEL6 uses
> OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation
> doesn't specify a requirement for a particular version. Any
> ideas?
At the start of nsd-control-setup (a shell script), the line
HASH=sha256
change that to HASH=sha1
Then remove the certificates and run the nsd-control-setup script
again, and you have different certificates. At the start of the
script you can also change the key length (BITS=xx). I am not sure if
this will work, but older openssl could not have sha256, I believe.
Best regards,
Wouter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJSlG0gAAoJEJ9vHC1+BF+NBssP/1K+JqdJwZ6cUnUBg57vxD2p
VtxtPYEA447HsUpZ0F7tTu6EJD3ZSH9mtuBy2cE5spISHfNsoNtMt3RveQF9Mivb
Q1w2ueYRxjDRDuUO6cRdsOIkeApxWUC0H9fmtFEpQWbrXfJmAQJ8cJDmDo2FepPz
rcklLv7T1153F1WMqPT6AhUNZptha4ogO4NQafkI/DSS4tD8eapvv4s9uZ1Qzf9Z
kjvVgpYkAf/Mr6lyRLut5c8ISj2lWB5JoLYpG+/7gba5rE9xUMzNvk+pQhh36K7b
oOwwIumDP3GjmVIheoDp4k2TJydYNtkxt66S+fXPOqH5F6Loyiz9Xaoi+pvgZteZ
AJh5bVa/ZxbKra4zx/nwFR1lLTwTXgEe6u7IpMn+pDCEugYv56/H9fKFzPYq9cuQ
5BGSvzWXoKBrrBE24tpe3v34NWZV2R6fnbKdwMTdhtvjz2+fhLRXWPlOJAsSteBV
M9/bPIOdyEHW6Btcx0Cdtome/cGpFEyYq9NVVqSWaRBkkviko2K2Dz2fbwc00RYG
7jgfx5XCJRl1LuV8qECbYZMUGpF5oJ7PRvKFw5IXoX84vTYA/s1NsRpgo6TDUhhT
/CROi2wGJqhl5K+RilaO9dw+nKZoLkNXkHYkURrfaLLNyOhR1AUxbtswkWW9UcmG
vdq96L/PGjWrhy01Jio7
=XsCe
-----END PGP SIGNATURE-----
_______________________________________________
nsd-users mailing list
nsd-users at NLnetLabs.nl
http://open.nlnetlabs.nl/mailman/listinfo/nsd-users
Classification: UNCLASSIFIED
Caveats: NONE
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5635 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20131126/082950b5/attachment.bin>
More information about the nsd-users
mailing list