Learn about Centmin Mod LEMP Stack today
Register Now

SSL Something wrong with SSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Sunka, Aug 4, 2016.

  1. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    10:48 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    From time to time my site is down in last 2 days. I think it is related to SSl, and updated LibreSSL . Forum is down for couple of minutes.
    This is error from today
    Code:
    _ssl.c:584: The handshake operation timed out
    Similiar situation I see here on centmin in last two days, from time to time centmin forum is not online.

    Maybe this is somehow related.

     
  2. eva2000

    eva2000 Administrator Staff Member

    29,054
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    6:48 PM
    Nginx 1.13.x
    MariaDB 5.5
    where are you using timeout on handshake errors ?

    for my forums linode has been having routing issues and well i have sucuri cloudproxy in front of my forums so nginx/HTTPS is from sucuri so could be unrelated to libressl 2.4.2.

    Try downgrading to libressl 2.3.6 via persistent config /etc/centminmod/custom_config.inc set variable
    Code (Text):
    LIBRESSL_VERSION='2.3.6'

    and recompile nginx via centmin.sh menu option 4

    or switching to openssl 1.0.2h via set variable
    Code (Text):
    LIBRESSL_SWITCH='n'

    and recompile nginx via centmin.sh menu option 4
     
    Last edited: Aug 5, 2016
    • Informative Informative x 1
  3. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    10:48 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    Pingdom send me e-mail when this happened. Forum is just down for couple of minutes (I am still able to connect with ssh).
     
  4. eva2000

    eva2000 Administrator Staff Member

    29,054
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    6:48 PM
    Nginx 1.13.x
    MariaDB 5.5
    try confirming and double checking using multiple uptime monitors like nixstats, nodequery, nodeping etc
     
    • Informative Informative x 1
  5. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    10:48 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    And again, downtime of 9 minutes.
    Pingometer and Uptime Robot sended me a message.

    I Google for that error, and it seems that is connected with python and/or TLS 1.2
     
  6. eva2000

    eva2000 Administrator Staff Member

    29,054
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    6:48 PM
    Nginx 1.13.x
    MariaDB 5.5
  7. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    10:48 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    No, I updated curl right now. And recompile php again.
    If this happened again, I will downgrade libressl
     
  8. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    10:48 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    3 days without error :)
    Knocking on wood..

    This was last yum update, and maybe something with this update corrected things.

    Code:
    [root@tvor-ocean ~]# yum history info 145
    Loaded plugins: fastestmirror, priorities
    Transaction ID : 145
    Begin time     : Thu Aug  4 23:39:58 2016
    Begin rpmdb    : 770:3067a55d1e37cd56298e4051dc12b5a753329423
    End time       :            23:40:01 2016 (3 seconds)
    End rpmdb      : 770:c15cfd592dcb1e38f2fbe9e50354ce31cdcb3e85
    User           : root <root>
    Return-Code    : Success
    Command Line   : update --enablerepo=city-fan.org --disableplugin=priorities
    Transaction performed with:
        Installed     rpm-4.11.3-17.el7.x86_64                      @base
        Installed     yum-3.4.3-132.el7.centos.0.1.noarch           @base
        Installed     yum-plugin-fastestmirror-1.1.31-34.el7.noarch @base
    Packages Altered:
        Updated curl-7.50.0-2.0.cf.rhel7.x86_64               @city-fan.org
        Update       7.50.1-1.0.cf.rhel7.x86_64               @city-fan.org
        Updated geoipupdate-2.2.2-2.el7.x86_64                @city-fan.org
        Update              2.2.2-3.el7.x86_64                @city-fan.org
        Updated libcurl-7.50.0-2.0.cf.rhel7.x86_64            @city-fan.org
        Update          7.50.1-1.0.cf.rhel7.x86_64            @city-fan.org
        Updated libcurl-devel-7.50.0-2.0.cf.rhel7.x86_64      @city-fan.org
        Update                7.50.1-1.0.cf.rhel7.x86_64      @city-fan.org
        Updated nmap-ncat-2:7.12-2.0.cf.rhel7.x86_64          @city-fan.org
        Update            2:7.12-2.1.cf.rhel7.x86_64          @city-fan.org
        Updated perl-ExtUtils-ParseXS-1:3.30-1.rhel7.noarch   @city-fan.org
        Update                        1:3.31-366.rhel7.noarch @city-fan.org
        Updated perl-HTTP-Tiny-0.058-1.rhel7.noarch           @city-fan.org
        Update                 0.058-3.rhel7.noarch           @city-fan.org
        Updated perl-IO-Compress-2.069-1.rhel7.noarch         @city-fan.org
        Update                   2.069-367.rhel7.noarch       @city-fan.org
        Updated perl-IO-Socket-IP-0.37-1.rhel7.noarch         @city-fan.org
        Update                    0.38-1.rhel7.noarch         @city-fan.org
        Updated perl-Test-Harness-3.36-366.rhel7.noarch       @city-fan.org
        Update                    3.36-367.rhel7.noarch       @city-fan.org
    history info
     
    • Informative Informative x 1