Custom Query (196 matches)


Results (58 - 60 of 196)

Ticket Resolution Summary Owner Reporter
#335 invalid test sipbcert
#349 invalid TLS SNI alerts on LDAP vhosts presbrey

void is a scripts-vhost:

presbrey@dr-wily:~$ host is an alias for has address

that fails to handshake:

presbrey@dr-wily:~$ curl -k
curl: (35) error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:reason(1112)

even though scripts-vhosts itself works:

presbrey@dr-wily:~$ curl -kv
* About to connect() to port 443 (#0)
*   Trying connected
* Connected to ( port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using DHE-RSA-AES256-SHA
* Server certificate:
*        subject: serialNumber=sKLt5io360jM-oAd2EGLNK0EraXwXE46; C=US; ST=Massachusetts; L=Cambridge; O=Massachusetts Institute of Technology; web hosting service;
*        start date: 2011-05-24 11:40:52 GMT
*        expire date: 2016-06-24 16:28:06 GMT
*        subjectAltName does not match
> GET / HTTP/1.1
> User-Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/ libidn/1.15 libssh2/1.2.6
> Host:
> Accept: */*
< HTTP/1.1 200 OK
< Date: Thu, 28 Feb 2013 02:21:46 GMT

The problem has to do with TLS SNI extensions. TLS Alert 1112 is Level 1 (Warning) and Code 112 (Unrecognized name). This error is intended to notify the client that the server may not do what the client is expecting when the server does not recognize the SNI hostname passed by the client.

The server-side TLS SNI that validates "recognized" hostnames apparently only checks against hardcoded ServerName(s) and ServerAlias(s), and fails to locate LDAP vhosts as valid SNI targets.
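
How the alert described in ticket #349 looks on the wire, as an added example that is not part of the ticket or of the scripts code base: it walks the plaintext TLS records a server sends back and reports whether a warning-level unrecognized_name alert was followed by a ServerHello. The function names, the sample bytes and the stub ServerHello record are constructed for illustration.

```python
import struct

# Alert levels (RFC 5246) and a few descriptions; 112 is unrecognized_name (RFC 6066).
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 40: "handshake_failure", 112: "unrecognized_name"}
CONTENT_ALERT, CONTENT_HANDSHAKE = 21, 22
HANDSHAKE_SERVER_HELLO = 2


def iter_records(data):
    """Yield (content_type, version, payload) for each complete TLS record."""
    offset = 0
    while offset + 5 <= len(data):
        ctype, version, length = struct.unpack_from("!BHH", data, offset)
        payload = data[offset + 5 : offset + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record at offset %d" % offset)
        yield ctype, version, payload
        offset += 5 + length


def diagnose(data):
    """Summarise plaintext alerts and whether a ServerHello arrived as well."""
    alerts, server_hello = [], False
    for ctype, _version, payload in iter_records(data):
        if ctype == CONTENT_ALERT and len(payload) == 2:
            level, desc = payload  # two single-byte fields: level, description
            alerts.append((ALERT_LEVELS.get(level, level),
                           ALERT_DESCRIPTIONS.get(desc, desc)))
        elif ctype == CONTENT_HANDSHAKE and payload[:1] == bytes([HANDSHAKE_SERVER_HELLO]):
            server_hello = True
    sni_warning = ("warning", "unrecognized_name") in alerts
    fatal = any(level == "fatal" for level, _ in alerts)
    return {
        "alerts": alerts,
        "server_hello": server_hello,
        # The server carried on after the warning, so a failed handshake
        # comes from how the client reacts to the alert.
        "client_side_abort_only": sni_warning and server_hello and not fatal,
    }


# Constructed sample: alert record (level 1, description 112), then a stub
# handshake record whose first byte marks it as a ServerHello.
SAMPLE = bytes.fromhex("1503010002" "0170") + bytes.fromhex("1603010004" "02000000")

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```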

#402 invalid fcgi- gem missing on busy-beaver mingy

This caused my rails app to 500 randomly (whenever the load balancer routes to b-b) due to problems with the fcgi dispatcher. Installing the gems locally seemed to make it work. Should we be ensuring that the gem build is consistent across each of the scripts servers, or is this something the user has to figure out on his own?
