Project

General

Profile

Actions

Bug #11774

closed

unbound control shows SSL error

Added by Nitin Gupta over 3 years ago. Updated over 3 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
DNS Resolver
Target version:
-
Start date:
04/02/2021
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Default
Affected Version:
2.5.x
Affected Architecture:
amd64

Description

When executing the following command:

/usr/local/sbin/unbound-control -c /var/unbound/unbound.conf stats

I expect to see unbound stats. Instead, I get the following error:
error: could not SSL_read
34375933952:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:/build/ce-crossbuild-251/sources/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 80

Same error on two different systems. One running the 2.6.0-DEVELOPMENT branch and the other running the 2.5.1-RC branch (both on the most recent build).


Files


Related issues

Is duplicate of Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain casesResolvedLuiz Souza04/06/2021

Actions
Actions #1

Updated by Nitin Gupta over 3 years ago

Also, I get no stats under Status > DNS Resolver

Actions #2

Updated by Viktor Gurov over 3 years ago

  • Status changed from New to Rejected

Unable to reproduce this issue on 2.5.1.r.20210403.0300 and 2.6.0.a.20210403.0100:

# /usr/local/sbin/unbound-control -c /var/unbound/unbound.conf stats
thread0.num.queries=0
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=0
thread0.num.cachemiss=0
thread0.num.prefetch=0
thread0.num.expired=0
thread0.num.recursivereplies=0
thread0.requestlist.avg=0
thread0.requestlist.max=0
thread0.requestlist.overwritten=0
...

This site is not for support or diagnostic discussion.

For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit .

See Reporting Issues with pfSense Software for more information.

Actions #3

Updated by Greg Shaffer over 3 years ago

I'm seeing similar SSL type errors in 2.5.1.r.20210405.0300. When I run the command "/usr/local/www: /usr/local/sbin/unbound-control -c /var/unbound/unbound.conf dump_infra" I get the following error:

error: could not SSL_read
34375933952:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:/build/ce-crossbuild-251/sources/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 80

I'm also seeing the following errors in resolver.log:
Apr 5 17:23:31 egis unbound41328: [41328:0] notice: failed connection from 127.0.0.1 port 53540
Apr 5 17:23:31 egis unbound41328: [41328:0] error: remote control failed ssl crypto error:0201502D:system library:ioctl:Operation not supported
Apr 5 17:23:31 egis unbound41328: [41328:0] error: and additionally crypto error:1427D044:SSL routines:construct_stateless_ticket:internal error
Apr 5 17:23:31 egis unbound41328: [41328:0] error: and additionally crypto error:0201502D:system library:ioctl:Operation not supported

Actions #4

Updated by Jim Pingle over 3 years ago

  • Status changed from Rejected to Duplicate

Looks like this is a duplicate of #11785 (which has better info, even though it came after)

Actions #5

Updated by Jim Pingle over 3 years ago

  • Is duplicate of Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases added
Actions

Also available in: Atom PDF