no unbound-control without certificates?
Ralph Dolmans
ralph at nlnetlabs.nl
Thu Nov 3 17:08:09 UTC 2016
Hi Andreas,
Are you using OpenSSL 1.1? Apparently it introduced security levels and
by default doesn't allow aNULL ciphers. I just commited a version to our
repository that sets the security level to 0 for the remote control ssl
context when control-use-cert is no.
Regards,
-- Ralph
On 03-11-16 14:38, A. Schulze via Unbound-users wrote:
>
> Hello,
>
> after update from 1.5.9 to 1.5.10 "unbound-control reload" no longer work:
>
> the relevant unbound.conf section:
> remote-control:
> control-enable: yes
> control-interface: /path/to/unbound-control.socket
> control-use-cert: no
>
> # ls -la /path/to/unbound-control.socket
> srw-rw---- 1 unbound unbound 0 Nov 3 14:24 /path/to/unbound-control.socket
>
> # unbound-control reload
> error: SSL handshake failed
> 140666240513792:error:141640B5:SSL
> routines:tls_construct_client_hello:no ciphers
> available:ssl/statem/statem_clnt.c:815:
>
> Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/unbound-users/attachments/20161103/b554cc6a/attachment.bin>
More information about the Unbound-users
mailing list