Hi,
let's start from the back ;-).
> Oliver: you can probably confirm this by trying to trick GFAL to using your client certificate and not a proxy.
indeed, that works!
> What version is the redirector?
In the logs I provided, both instances ran on the same machine, and both used the 5.0.1 binaries. That was on CentOS 8, i.e. openssl-1.1.1c.
However, the earlier tests showing the same issue also covered the combinations:
- Redirector running 4.12.3 with OpenSSL 1.0.2k (CentOS 7), data server running 5.0.1 with OpenSSL 1.0.2k (CentOS 7).
- Both the redirector and data server running 5.0.1 with OpenSSL 1.0.2k (CentOS 7).
Both were affected, too. The error "looked the same", I could of course also try to catch logs, but that would take a bit (would then reproduce in our test setup).
> So, relative to (b) you can test the hypothesis that it's the elliptic ciphers that are causing the problem by including the directive in the R5 server: {{http.cipherfilter ALL:!LOW:!EXP:!MD5:!MD2}}
Since it also happened in the 5.0.1 <=> 5.0.1 combination on a single node with two instances, this is probably nought — I still tried it, but the error remains.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/xrootd/xrootd/issues/1276#issuecomment-685769202
########################################################################
Use REPLY-ALL to reply to list
To unsubscribe from the XROOTD-DEV list, click the following link:
https://listserv.slac.stanford.edu/cgi-bin/wa?SUBED1=XROOTD-DEV&A=1
