pgpool ssl handshake failure

Started by AI Rumman, over 10 years ago, 6 messages, general
#1 AI Rumman
rummandba@gmail.com

Hi,

I am using pgpool-II version 3.4.3 (tataraboshi).
Where my database is Postgresql 8.4.

I am trying to configure ssl mode from client and between pgpool and
database it is non-ssl.
I configured as document and now I am getting this in my log:

2015-10-13 22:17:58: pid 1857: LOG: new connection received
2015-10-13 22:17:58: pid 1857: DETAIL: connecting host=10.0.0.5 port=65326
2015-10-13 22:17:58: pid 1857: LOG: pool_ssl: "SSL_read": "ssl handshake failure"
2015-10-13 22:17:58: pid 1857: ERROR: unable to read data from frontend
2015-10-13 22:17:58: pid 1857: DETAIL: socket read failed with an error "Success"

Please let me know what wrong I am doing.

Thanks & Regards.

#2 Adrian Klaver
adrian.klaver@aklaver.com
In reply to: AI Rumman (#1)
Re: pgpool ssl handshake failure

On 10/15/2015 06:59 AM, AI Rumman wrote:

Hi,

I am using pgpool-II version 3.4.3 (tataraboshi).
Where my database is Postgresql 8.4.

Probably already know, but 8.4 is approximately 1.25 years beyond EOL:

http://www.postgresql.org/support/versioning/

I am trying to configure ssl mode from client and between pgpool and
database it is non-ssl.

What is non-ssl, the database or pgpool?

I configured as document and now I am getting this in my log:

2015-10-13 22:17:58: pid 1857: LOG: new connection received
2015-10-13 22:17:58: pid 1857: DETAIL: connecting host=10.0.0.5 port=65326
2015-10-13 22:17:58: pid 1857: LOG: pool_ssl: "SSL_read": "ssl handshake failure"
2015-10-13 22:17:58: pid 1857: ERROR: unable to read data from frontend
2015-10-13 22:17:58: pid 1857: DETAIL: socket read failed with an error "Success"

Please let me know what wrong I am doing.

Not quite sure but given the below from the 9.5 Release Notes:

"
Remove server configuration parameter ssl_renegotiation_limit, which was
deprecated in earlier releases (Andres Freund)

While SSL renegotiation is a good idea in theory, it has caused enough
bugs to be considered a net negative in practice, and it is due to be
removed from future versions of the relevant standards. We have
therefore removed support for it from PostgreSQL."

I would check to see what ssl_renegotiation_limit is set to:

http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html

and if it is not set to 0, then try that.

Thanks & Regards.

--
Adrian Klaver
adrian.klaver@aklaver.com

--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

#3 AI Rumman
rummandba@gmail.com
In reply to: Adrian Klaver (#2)
Re: pgpool ssl handshake failure

I configured Postgresql 9.4 and still getting the same error.

Thanks.

#4 Adrian Klaver
adrian.klaver@aklaver.com
In reply to: AI Rumman (#3)
Re: pgpool ssl handshake failure

On 10/15/2015 09:36 AM, AI Rumman wrote:

I configured Postgresql 9.4 and still getting the same error.

Configured what?

Or more to the point what is ssl_renegotiation_limit set to?

--
Adrian Klaver
adrian.klaver@aklaver.com

#5 Tatsuo Ishii
t-ishii@sra.co.jp
In reply to: AI Rumman (#1)
Re: pgpool ssl handshake failure

Hi,

I am using pgpool-II version 3.4.3 (tataraboshi).
Where my database is Postgresql 8.4.

I am trying to configure ssl mode from client and between pgpool and
database it is non-ssl.
I configured as document and now I am getting this in my log:

2015-10-13 22:17:58: pid 1857: LOG: new connection received
2015-10-13 22:17:58: pid 1857: DETAIL: connecting host=10.0.0.5 port=65326
2015-10-13 22:17:58: pid 1857: LOG: pool_ssl: "SSL_read": "ssl handshake failure"
2015-10-13 22:17:58: pid 1857: ERROR: unable to read data from frontend
2015-10-13 22:17:58: pid 1857: DETAIL: socket read failed with an error "Success"

Please let me know what wrong I am doing.

Works for me using psql coming with PostgreSQL 9.4.5 and pgpool-II 3.4.3.
(This is Ubuntu 14.04. PostgreSQL and pgpool-II are compiled from the
source code).

$ psql -p 11000 -h localhost test
psql (9.4.5)
SSL connection (protocol: TLSv1, cipher: AES256-SHA, bits: 256, compression: off)
Type "help" for help.

I don't think your old PostgreSQL 8.4 server is related to your
problem because you are trying to enable SSL between client and
pgpool, not pgpool and PostgreSQL server. However psql coming with
PostgreSQL 8.4 might be related to the problem. Why don't you try
newer version of psql (more precisely, newer libpq).

I assume your SSL setting is perfect. If you are not sure, please take
a look at FAQ:

http://pgpool.net/mediawiki/index.php/FAQ#How_can_I_set_up_SSL_for_pgpool-II.3F

Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
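
An added example, not part of the original post: a libpq-independent probe that sends the PostgreSQL SSLRequest to a frontend listener and reports what the TLS handshake negotiates, alongside the client's OpenSSL version. The function names `request_ssl` and `probe_frontend` are hypothetical; `localhost:11000` is the listener from the psql command above.

```python
import socket
import ssl
import struct

# PostgreSQL frontend SSLRequest: Int32 length (8) + Int32 code 80877103.
SSL_REQUEST = struct.pack("!II", 8, 80877103)


def request_ssl(sock):
    """Send SSLRequest; True if the server answers 'S' (will do TLS), False on 'N'."""
    sock.sendall(SSL_REQUEST)
    reply = sock.recv(1)
    if reply == b"S":
        return True
    if reply == b"N":
        return False
    raise ValueError("unexpected reply to SSLRequest: %r" % reply)


def probe_frontend(host, port, timeout=5.0):
    """Report what a TLS handshake with the listener at host:port negotiates."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: certificate checks are off because only the
    # handshake outcome matters here, not an authenticated channel.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    report = {"client_openssl": ssl.OPENSSL_VERSION}
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if not request_ssl(raw):
            report["result"] = "server refused SSL"
            return report
        try:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cipher, _, bits = tls.cipher()
                report.update(result="ok", protocol=tls.version(),
                              cipher=cipher, bits=bits)
        except ssl.SSLError as exc:
            # A failure here reproduces the frontend-side handshake error
            # without involving psql or libpq at all.
            report.update(result="handshake failed", reason=exc.reason)
    return report


if __name__ == "__main__":
    print(probe_frontend("localhost", 11000))
```

A current Python build linked against a recent OpenSSL may itself fail against a listener that only offers TLSv1; the `reason` field then names the mismatch.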

#6 Laurenz Albe
laurenz.albe@cybertec.at
In reply to: AI Rumman (#1)
Re: pgpool ssl handshake failure

AI Rumman wrote:

I am using pgpool-II version 3.4.3 (tataraboshi).
Where my database is Postgresql 8.4.

I am trying to configure ssl mode from client and between pgpool and database it is non-ssl.
I configured as document and now I am getting this in my log:

2015-10-13 22:17:58: pid 1857: LOG: new connection received
2015-10-13 22:17:58: pid 1857: DETAIL: connecting host=10.0.0.5 port=65326
2015-10-13 22:17:58: pid 1857: LOG: pool_ssl: "SSL_read": "ssl handshake failure"
2015-10-13 22:17:58: pid 1857: ERROR: unable to read data from frontend
2015-10-13 22:17:58: pid 1857: DETAIL: socket read failed with an error "Success"

Please let me know what wrong I am doing.

Does the problem occur immediately when you try to connect or only after some time?

If the latter, it may well be a renegotiation issue.
If the former, I can't guess.
What are the OpenSSL versions involved on both ends?

Yours,
Laurenz Albe
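
An added example, not part of the original message: the "immediately or only after some time?" question answered from the pgpool log itself, by measuring the gap between "new connection received" and the handshake failure for each pid. The function name and the one-second threshold are assumptions; the sample is the five lines from the thread plus three constructed lines for a hypothetical later failure (pid 2001).

```python
import re
from datetime import datetime

# Constructed sample: thread's log (pid 1857) + hypothetical pid 2001 lines.
SAMPLE_LOG = """\
2015-10-13 22:17:58: pid 1857: LOG: new connection received
2015-10-13 22:17:58: pid 1857: DETAIL: connecting host=10.0.0.5 port=65326
2015-10-13 22:17:58: pid 1857: LOG: pool_ssl: "SSL_read": "ssl handshake failure"
2015-10-13 22:17:58: pid 1857: ERROR: unable to read data from frontend
2015-10-13 22:17:58: pid 1857: DETAIL: socket read failed with an error "Success"
2015-10-13 22:20:00: pid 2001: LOG: new connection received
2015-10-13 22:20:00: pid 2001: DETAIL: connecting host=10.0.0.9 port=40000
2015-10-13 22:31:12: pid 2001: LOG: pool_ssl: "SSL_read": "ssl handshake failure"
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d): pid (\d+): (\w+):\s*(.*)$")


def classify_ssl_failures(log_text, immediate_within=1):
    """Return (pid, client host, seconds since connect, phase) per failure."""
    opened = {}   # pid -> [connect time, client host]
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        pid, level, msg = int(m.group(2)), m.group(3), m.group(4)
        if level == "LOG" and msg == "new connection received":
            opened[pid] = [ts, None]          # child pids are reused: reset
        elif level == "DETAIL" and msg.startswith("connecting host=") and pid in opened:
            opened[pid][1] = msg.split("host=")[1].split()[0]
        elif "ssl handshake failure" in msg and pid in opened:
            start, host = opened.pop(pid)
            delay = int((ts - start).total_seconds())
            # Same-second failure: the initial handshake never completed.
            # A long gap means the session was up first (renegotiation suspect).
            phase = "initial handshake" if delay <= immediate_within else "established session"
            results.append((pid, host, delay, phase))
    return results


if __name__ == "__main__":
    for row in classify_ssl_failures(SAMPLE_LOG):
        print(row)
```

The log timestamps have one-second resolution, so a delay of 0 only bounds the failure to within the same second as the connect.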