[nsd-users] nsd-control SSL problems (UNCLASSIFIED)

Kash, Howard M CIV (US) howard.m.kash.civ at mail.mil
Tue Nov 26 12:58:12 UTC 2013


Classification: UNCLASSIFIED
Caveats: NONE


I changed the hash to sha1 and have tried various key lengths (1024, 512)
and keep getting the same error.  I will compile OpenSSL 1.0.1e and link
against that to see if it is really an issue with OpenSSL 0.9.8.  BTW, I'm
using a sha256 TSIG key and it's working.


Howard



-----Original Message-----
From: nsd-users [mailto:nsd-users-bounces at NLnetLabs.nl] On Behalf Of W.C.A.
Wijngaards
Sent: Tuesday, November 26, 2013 4:43 AM
To: nsd-users at NLnetLabs.nl
Subject: Re: [nsd-users] nsd-control SSL problems (UNCLASSIFIED)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Howard,

On 11/25/2013 09:17 PM, Kash, Howard M CIV (US) wrote:
> Classification: UNCLASSIFIED Caveats: NONE
> 
> 
> I've installed NSD 4.0 on two RedHat 6, 64-bit systems and four
> RedHat 5, 32-bit systems.  On the two RHEL6 systems nsd-control
> works fine.  On the four RHEL5 systems, nsd-control gives "error:
> SSL handshake failed".  In the log file it says "error: remote
> control failed ssl crypto error:140B512D:SSL
> routines:SSL_GET_NEW_SESSION:ssl session id callback failed".  I've
> tried removing the certificates and re-running nsd-control-setup
> with the same result.  All attempts are from localhost.  RHEL6 uses
> OpenSSL 1.0.0, whereas RHEL5 uses 0.9.8e, but the NSD documentation
> doesn't specify a requirement for a particular version.  Any
> ideas?

At the start of nsd-control-setup (a shell script), the line
HASH=sha256

change that to HASH=sha1

Then remove the certificates and run the nsd-control-setup script
again, and you have different certificates.  At the start of the
script you can also change the key length (BITS=xx).  I am not sure if
this will work, but older openssl could not have sha256, I believe.

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJSlG0gAAoJEJ9vHC1+BF+NBssP/1K+JqdJwZ6cUnUBg57vxD2p
VtxtPYEA447HsUpZ0F7tTu6EJD3ZSH9mtuBy2cE5spISHfNsoNtMt3RveQF9Mivb
Q1w2ueYRxjDRDuUO6cRdsOIkeApxWUC0H9fmtFEpQWbrXfJmAQJ8cJDmDo2FepPz
rcklLv7T1153F1WMqPT6AhUNZptha4ogO4NQafkI/DSS4tD8eapvv4s9uZ1Qzf9Z
kjvVgpYkAf/Mr6lyRLut5c8ISj2lWB5JoLYpG+/7gba5rE9xUMzNvk+pQhh36K7b
oOwwIumDP3GjmVIheoDp4k2TJydYNtkxt66S+fXPOqH5F6Loyiz9Xaoi+pvgZteZ
AJh5bVa/ZxbKra4zx/nwFR1lLTwTXgEe6u7IpMn+pDCEugYv56/H9fKFzPYq9cuQ
5BGSvzWXoKBrrBE24tpe3v34NWZV2R6fnbKdwMTdhtvjz2+fhLRXWPlOJAsSteBV
M9/bPIOdyEHW6Btcx0Cdtome/cGpFEyYq9NVVqSWaRBkkviko2K2Dz2fbwc00RYG
7jgfx5XCJRl1LuV8qECbYZMUGpF5oJ7PRvKFw5IXoX84vTYA/s1NsRpgo6TDUhhT
/CROi2wGJqhl5K+RilaO9dw+nKZoLkNXkHYkURrfaLLNyOhR1AUxbtswkWW9UcmG
vdq96L/PGjWrhy01Jio7
=XsCe
-----END PGP SIGNATURE-----
_______________________________________________
nsd-users mailing list
nsd-users at NLnetLabs.nl
http://open.nlnetlabs.nl/mailman/listinfo/nsd-users

Classification: UNCLASSIFIED
Caveats: NONE


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5635 bytes
Desc: not available
URL: <http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20131126/082950b5/attachment.bin>


More information about the nsd-users mailing list