Posted to bugs@httpd.apache.org by bu...@apache.org on 2019/04/23 01:26:39 UTC
[Bug 63374] New: Connection rejected by Apache HTTPD server when MTU
size of eth1 interface is 9000
https://bz.apache.org/bugzilla/show_bug.cgi?id=63374
Bug ID: 63374
Summary: Connection rejected by Apache HTTPD server when MTU
size of eth1 interface is 9000
Product: Apache httpd-2
Version: 2.4.37
Hardware: Other
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: vijay.krish@hotmail.com
Target Milestone: ---
I'm hosting a Python Flask application in Apache HTTPD server with WSGI and using
MASSL authentication for clients.
The configuration works absolutely fine in my non-prod nodes, which run RHEL
6.9 and have openSSLv3 & TLSv1.2. In production, I have exactly the same
configuration, but the MTU size of eth0 & eth1 is 9000 (we are running a 4 node
RHEL active-active cluster and have a dedicated private VLAN for cluster
heartbeat communication).
eth0 is not having any issue, but if eth1 is reset back to the default 1500 the
connection works fine, and when it is set to 9000 it fails.
Following is the error from the client for a failed connection request:
curl https://xxxx:9443/ --cert ./xx.pem --key ./xx.key -vvvv -k -i
* About to connect() to xxx port 9443 (#0)
* Trying xxx...
* Connected to xxx (xxx) port 9443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate from file
* subject: CN=xxx,OU=xx,O=xx,L=xx,ST=xx,C=xx
* start date: xxx xx xx:xx:xx xxxx GMT
* expire date: xxx xx xx:xx:xx xxxx GMT
* common name: xxxx
* issuer: CN=xx AD Objects CA G2,DC=core,DC=dir,DC=xx,DC=xx
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 0
curl: (35) Encountered end of file
Note: The client lives in AWS, which has an MTU size of 9000, & I've tried
importing my certificate into the NSS database, which did not help.
Apache HTTPD.conf:
Listen 9443
<VirtualHost *:9443>
    SSLEngine on
    <IfModule unixd_module>
        User https
        Group https
    </IfModule>
    <Directory />
        #AllowOverride none
        #Require all denied
        Require all granted
    </Directory>
    Alias /media/ /var/www/xxxx/htdocs/media/
    Alias /static/ /var/www/xxxx/htdocs/static/
    ServerAdmin xxx@xxx.com
    ServerName www.xxxx.net
    ServerAlias xxx.net
    <Directory "/var/www/xxx/htdocs/static/">
        Require all granted
    </Directory>
    <Directory "/var/www/xxx/htdocs/media/">
        Require all granted
    </Directory>
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLCertificateKeyFile "/xxx/xxxx.key"
    SSLCACertificateFile "/xxx/xxx.pem"
    SSLCertificateFile "/xxx/xxx.pem"
    <Directory "/var/www/xxx/">
        #<Files>
        Require all granted
        #</Files>
    </Directory>
    #
    # WSGI Configuration
    #
    WSGIDaemonProcess xxx python-path=xxxx user=xxx group=xxx threads=6
    WSGIScriptAlias / /var/www/xxx
    WSGIProcessGroup xxx
    DocumentRoot "/var/www/xxx/xxx"
    <Directory "/var/www/xxx/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>
    ErrorLog /var/www/xxx/logs/error.log
    CustomLog /var/www/xxx/logs/access.log combined
    LogLevel warn
</VirtualHost>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
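One way to check whether the path between the two hosts really carries the 9000-byte MTU configured on the interface, as an added example that is not part of the original report or of httpd. It assumes Linux iputils `ping`, IPv4, and that ICMP echo is permitted on the path; the function names `probe`, `find_path_mtu` and `check_mtu` are hypothetical, and whether an MTU mismatch is the cause of this failure is not established by the report.

```shell
#!/bin/sh
# Added example: find the largest IPv4 packet that crosses a path unfragmented
# and compare it with the MTU configured on the local interface.

# probe HOST PAYLOAD: one ICMP echo with Don't Fragment set (-M do).
probe() {
    ping -M do -c 1 -W 1 -s "$2" "$1" >/dev/null 2>&1
}

# find_path_mtu HOST [LOW_MTU] [HIGH_MTU]
# Binary search; prints the largest MTU that passes, or exits 1 when even
# LOW_MTU fails (host down or ICMP filtered). Body runs in a subshell so
# its variables stay private.
find_path_mtu() (
    host=$1; lo=${2:-576}; hi=${3:-9000}
    overhead=28   # 20-byte IPv4 header + 8-byte ICMP header
    probe "$host" $((lo - overhead)) || exit 1
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" $((mid - overhead)); then
            lo=$mid          # mid fits: search upwards
        else
            hi=$((mid - 1))  # mid dropped: search downwards
        fi
    done
    echo "$lo"
)

# check_mtu HOST IFACE_MTU: prints a verdict line.
# Exit status: 0 path matches, 1 path is smaller than the interface MTU,
# 2 host did not answer at all.
check_mtu() (
    host=$1; iface_mtu=$2
    path=$(find_path_mtu "$host" 576 "$iface_mtu") || { echo "UNREACHABLE"; exit 2; }
    if [ "$path" -lt "$iface_mtu" ]; then
        echo "MISMATCH path=$path iface=$iface_mtu"
        exit 1
    fi
    echo "OK path=$path"
)

# Usage: sh pmtu.sh HOST IFACE_MTU   (e.g. the MTU shown by `ip link show eth1`)
if [ $# -ge 2 ]; then
    check_mtu "$1" "$2"
fi
```

A MISMATCH result means packets larger than the reported path value are dropped somewhere between the hosts when they cannot be fragmented, which would affect large TLS handshake messages such as a certificate chain before it affects small requests.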
[Bug 63374] Connection rejected by Apache HTTPD server when MTU size
of eth1 interface is 9000
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=63374
Joe Orton <jo...@redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
--- Comment #1 from Joe Orton <jo...@redhat.com> ---
It seems unlikely an MTU issue is an httpd bug - if this is still reproducible
please provide errors from error_log or ssl_error_log as appropriate.