Maintained by: NLnet Labs

no unbound-control without certificates?

Ralph Dolmans
Thu Nov 3 18:08:09 CET 2016


Hi Andreas,

Are you using OpenSSL 1.1? Apparently it introduced security levels and
by default doesn't allow aNULL ciphers. I just commited a version to our
repository that sets the security level to 0 for the remote control ssl
context when control-use-cert is no.

Regards,
-- Ralph

On 03-11-16 14:38, A. Schulze via Unbound-users wrote:
> 
> Hello,
> 
> after update from 1.5.9 to 1.5.10 "unbound-control reload" no longer work:
> 
> the relevant unbound.conf section:
>     remote-control:
>       control-enable: yes
>       control-interface: /path/to/unbound-control.socket
>       control-use-cert: no
> 
> # ls -la /path/to/unbound-control.socket
> srw-rw---- 1 unbound unbound 0 Nov  3 14:24 /path/to/unbound-control.socket
> 
> # unbound-control reload
> error: SSL handshake failed
> 140666240513792:error:141640B5:SSL
> routines:tls_construct_client_hello:no ciphers
> available:ssl/statem/statem_clnt.c:815:
> 
> Andreas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <https://unbound.nlnetlabs.nl/pipermail/unbound-users/attachments/20161103/b554cc6a/attachment.sig>