/ Register

Welcome to Centmin Mod Community
Register Now

SSL Something wrong with SSL

Discussion in 'Domains, DNS, Email & SSL Certificates' started by Sunka, Aug 4, 2016.

Tags:
Previous Thread Next Thread
Loading...
  1. Aug 4, 2016 #1
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:59 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    From time to time my site is down in last 2 days. I think it is related to SSl, and updated LibreSSL . Forum is down for couple of minutes.
    This is error from today
    Code:
    _ssl.c:584: The handshake operation timed out
    Similiar situation I see here on centmin in last two days, from time to time centmin forum is not online.

    Maybe this is somehow related.

     
  2. Aug 4, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    2:59 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    where are you using timeout on handshake errors ?

    for my forums linode has been having routing issues and well i have sucuri cloudproxy in front of my forums so nginx/HTTPS is from sucuri so could be unrelated to libressl 2.4.2.

    Try downgrading to libressl 2.3.6 via persistent config /etc/centminmod/custom_config.inc set variable
    Code (Text):
    LIBRESSL_VERSION='2.3.6'

    and recompile nginx via centmin.sh menu option 4

    or switching to openssl 1.0.2h via set variable
    Code (Text):
    LIBRESSL_SWITCH='n'

    and recompile nginx via centmin.sh menu option 4
     
    Last edited: Aug 5, 2016
  3. Aug 5, 2016 #3
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:59 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    Pingdom send me e-mail when this happened. Forum is just down for couple of minutes (I am still able to connect with ssh).
     
  4. Aug 5, 2016 #4
    eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    2:59 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    try confirming and double checking using multiple uptime monitors like nixstats, nodequery, nodeping etc
     
  5. Aug 5, 2016 #5
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:59 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    And again, downtime of 9 minutes.
    Pingometer and Uptime Robot sended me a message.

    I Google for that error, and it seems that is connected with python and/or TLS 1.2
     
  6. Aug 5, 2016 #6
    eva2000

    eva2000 Administrator Staff Member

    55,237
    12,253
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,833
    Local Time:
    2:59 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  7. Aug 5, 2016 #7
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:59 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    No, I updated curl right now. And recompile php again.
    If this happened again, I will downgrade libressl
     
  8. Aug 8, 2016 #8
    Sunka

    Sunka Well-Known Member

    1,150
    325
    83
    Oct 31, 2015
    Pula, Croatia
    Ratings:
    +525
    Local Time:
    6:59 AM
    Nginx 1.17.9
    MariaDB 10.3.22
    3 days without error :)
    Knocking on wood..

    This was last yum update, and maybe something with this update corrected things.

    Code:
    [root@tvor-ocean ~]# yum history info 145
Loaded plugins: fastestmirror, priorities
Transaction ID : 145
Begin time     : Thu Aug  4 23:39:58 2016
Begin rpmdb    : 770:3067a55d1e37cd56298e4051dc12b5a753329423
End time       :            23:40:01 2016 (3 seconds)
End rpmdb      : 770:c15cfd592dcb1e38f2fbe9e50354ce31cdcb3e85
User           : root <root>
Return-Code    : Success
Command Line   : update --enablerepo=city-fan.org --disableplugin=priorities
Transaction performed with:
    Installed     rpm-4.11.3-17.el7.x86_64                      @base
    Installed     yum-3.4.3-132.el7.centos.0.1.noarch           @base
    Installed     yum-plugin-fastestmirror-1.1.31-34.el7.noarch @base
Packages Altered:
    Updated curl-7.50.0-2.0.cf.rhel7.x86_64               @city-fan.org
    Update       7.50.1-1.0.cf.rhel7.x86_64               @city-fan.org
    Updated geoipupdate-2.2.2-2.el7.x86_64                @city-fan.org
    Update              2.2.2-3.el7.x86_64                @city-fan.org
    Updated libcurl-7.50.0-2.0.cf.rhel7.x86_64            @city-fan.org
    Update          7.50.1-1.0.cf.rhel7.x86_64            @city-fan.org
    Updated libcurl-devel-7.50.0-2.0.cf.rhel7.x86_64      @city-fan.org
    Update                7.50.1-1.0.cf.rhel7.x86_64      @city-fan.org
    Updated nmap-ncat-2:7.12-2.0.cf.rhel7.x86_64          @city-fan.org
    Update            2:7.12-2.1.cf.rhel7.x86_64          @city-fan.org
    Updated perl-ExtUtils-ParseXS-1:3.30-1.rhel7.noarch   @city-fan.org
    Update                        1:3.31-366.rhel7.noarch @city-fan.org
    Updated perl-HTTP-Tiny-0.058-1.rhel7.noarch           @city-fan.org
    Update                 0.058-3.rhel7.noarch           @city-fan.org
    Updated perl-IO-Compress-2.069-1.rhel7.noarch         @city-fan.org
    Update                   2.069-367.rhel7.noarch       @city-fan.org
    Updated perl-IO-Socket-IP-0.37-1.rhel7.noarch         @city-fan.org
    Update                    0.38-1.rhel7.noarch         @city-fan.org
    Updated perl-Test-Harness-3.36-366.rhel7.noarch       @city-fan.org
    Update                    3.36-367.rhel7.noarch       @city-fan.org
history info
     
Previous Thread Next Thread
Loading...

.