Bug #11774
closed
unbound control shows SSL error
Added by Nitin Gupta over 3 years ago.
Updated over 3 years ago.
Affected Architecture:
amd64
Description
When executing the following command:
/usr/local/sbin/unbound-control -c /var/unbound/unbound.conf stats
I expect to see unbound stats. Instead, I get the following error:
error: could not SSL_read
34375933952:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:/build/ce-crossbuild-251/sources/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 80
Same error on two different systems. One running the 2.6.0-DEVELOPMENT branch and the other running the 2.5.1-RC branch (both on the most recent build).
Files
Also, I get no stats under Status > DNS Resolver
- Status changed from New to Rejected
Unable to reproduce this issue on 2.5.1.r.20210403.0300 and 2.6.0.a.20210403.0100:
# /usr/local/sbin/unbound-control -c /var/unbound/unbound.conf stats
thread0.num.queries=0
thread0.num.queries_ip_ratelimited=0
thread0.num.cachehits=0
thread0.num.cachemiss=0
thread0.num.prefetch=0
thread0.num.expired=0
thread0.num.recursivereplies=0
thread0.requestlist.avg=0
thread0.requestlist.max=0
thread0.requestlist.overwritten=0
...
This site is not for support or diagnostic discussion.
For assistance in solving problems, please post on the Netgate Forum or the pfSense Subreddit .
See Reporting Issues with pfSense Software for more information.
I'm seeing similar SSL type errors in 2.5.1.r.20210405.0300. When I run the command "/usr/local/www: /usr/local/sbin/unbound-control -c /var/unbound/unbound.conf dump_infra" I get the following error:
error: could not SSL_read
34375933952:error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error:/build/ce-crossbuild-251/sources/FreeBSD-src/crypto/openssl/ssl/record/rec_layer_s3.c:1544:SSL alert number 80
I'm also seeing the following errors in resolver.log:
Apr 5 17:23:31 egis unbound41328: [41328:0] notice: failed connection from 127.0.0.1 port 53540
Apr 5 17:23:31 egis unbound41328: [41328:0] error: remote control failed ssl crypto error:0201502D:system library:ioctl:Operation not supported
Apr 5 17:23:31 egis unbound41328: [41328:0] error: and additionally crypto error:1427D044:SSL routines:construct_stateless_ticket:internal error
Apr 5 17:23:31 egis unbound41328: [41328:0] error: and additionally crypto error:0201502D:system library:ioctl:Operation not supported
- Status changed from Rejected to Duplicate
Looks like this is a duplicate of #11785 (which has better info, even though it came after)
- Is duplicate of Regression #11785: OpenSSL "Operation not supported" error with cryptodev in certain cases added
Also available in: Atom
PDF
Updated by 
Updated by Viktor Gurov 
Updated by 
Updated by 