Re: nginx ssl_prefer_server_ciphers and MSIE 7.x core dump

Doncho Gunchev
August 04, 2009 05:22AM
2009/7/21 Doncho Gunchev <dgunchev@gmail.com>:
> 2009/7/21 Igor Sysoev <is@rambler-co.ru>:
>> On Mon, Jul 20, 2009 at 01:09:22PM +0300, Doncho Gunchev wrote:
>>
>>> Hello,
>>>
>>> First of all many thanks for nginx.
>>>
>>> I have a machine where 'ssl_prefer_server_ciphers on;' plus Internet
>>> Explorer 7 (win 2003/XP) causes segmentation fault in Kerberos
>>> libraries:
>>> --- cut ---
>>> Program received signal SIGSEGV, Segmentation fault.
>>> 0x00000036b7e610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
>>> (gdb) bt
>>> #0  0x00000036b7e610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
>>> #1  0x00000036b7e48ade in krb5_kt_get_entry () from /usr/lib64/libkrb5.so.3
>>> #2  0x00000036b963862e in kssl_keytab_is_available () from /lib64/libssl.so.6
>>> #3  0x00000036b961e2d5 in ssl3_choose_cipher () from /lib64/libssl.so.6
>>> #4  0x00000036b9619a7b in ssl3_get_client_hello () from /lib64/libssl.so.6
>>> --- cut ---
>>> The host OS is RHEL 5.3 fully updated. I tried 32 and 64 bit versions
>>> from 0.6.32 to 0.6.38 with and without perl. The CPU is Intel(R)
>>> Xeon(R) CPU E5410 @ 2.33GHz. Exactly the same binary works on other
>>> machines (including KVM virtual ones) on CentOS 5.3 fully updated and
>>> I was using it on another machine with RHEL (have no access to that
>>> one any more).
>>>
>>> Can I help further? Can I disable all kerberos related stuff in the
>>> meantime somehow?
>>
>> Could you confirm that "ssl_prefer_server_ciphers off" does not cause
>> faults ?
>
> Yes, that's the way I'm using it currently.
>
>>
>> As to disabling kerberos you may try to build OpenSSL statically
>> with nginx:
>>
>> ./configure --with-openssl=/path/to/openssl/sources --with-openssl-opt=no-krb5
>
> Thank you, will try ASAP :)
>

Sorry for the late reply, I compiled nginx with statically linked
openssl without any krb5 support and it has been working for at least
a week without any problems, so I almost forgot the problem... The OpenSSL
and nginx are exactly the same version (I have a CentOS 5 x86_64 rpm
if someone wants it). Something else I can check?

--
BR,
Doncho Gunchev
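
A way to confirm that a rebuilt binary matches the workaround discussed in this thread (OpenSSL compiled in with no-krb5), as an added example that is not part of the original posts. The function name krb5_exposure, its verdict strings and the sample ldd and nginx -V text are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All sample text below is constructed.

# krb5_exposure LDD_TEXT NGINX_V_TEXT  -> prints one verdict:
#   dynamic-krb5    libkrb5 is loaded at run time, so OpenSSL's Kerberos
#                   cipher code (the kssl_* frames in the backtrace) is reachable
#   static-no-krb5  OpenSSL compiled in from source with no-krb5 and neither
#                   libssl nor libkrb5 is dynamically linked
#   unknown         neither pattern matched; inspect the build by hand
krb5_exposure() {
    ldd_text=$1
    cfg_text=$2
    # ldd lists transitive dependencies, so libkrb5 shows up even when only
    # the shared libssl links against it.
    if printf '%s\n' "$ldd_text" | grep -q 'libkrb5\.so'; then
        echo dynamic-krb5
        return 0
    fi
    if printf '%s\n' "$cfg_text" | grep -q -- '--with-openssl=' &&
       printf '%s\n' "$cfg_text" | grep -Eq -- '--with-openssl-opt=[^ ]*no-krb5' &&
       ! printf '%s\n' "$ldd_text" | grep -q 'libssl\.so'; then
        echo static-no-krb5
        return 0
    fi
    echo unknown
}

# Constructed `ldd nginx` output shaped like the crashing host's libraries.
SAMPLE_LDD_DYNAMIC='    libssl.so.6 => /lib64/libssl.so.6 (0x0000000000000000)
    libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000000000000000)
    libc.so.6 => /lib64/libc.so.6 (0x0000000000000000)'
# Constructed output for a binary with OpenSSL linked in statically.
SAMPLE_LDD_STATIC='    libpcre.so.0 => /lib64/libpcre.so.0 (0x0000000000000000)
    libc.so.6 => /lib64/libc.so.6 (0x0000000000000000)'
# Constructed `nginx -V` configure lines.
SAMPLE_CFG_DISTRO='configure arguments: --with-http_ssl_module'
SAMPLE_CFG_STATIC='configure arguments: --with-http_ssl_module --with-openssl=/path/to/openssl/sources --with-openssl-opt=no-krb5'

echo "distro build:  $(krb5_exposure "$SAMPLE_LDD_DYNAMIC" "$SAMPLE_CFG_DISTRO")"
echo "static build:  $(krb5_exposure "$SAMPLE_LDD_STATIC" "$SAMPLE_CFG_STATIC")"
```

On a real host, pass `"$(ldd /path/to/nginx)"` and `"$(nginx -V 2>&1)"` as the two arguments; `nginx -V` writes its configure arguments to stderr.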