"No route to host" with ssl but not with telnet

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Clemens Bergmann on Server Fault See other posts from Server Fault or by Clemens Bergmann
Published on 2012-11-30T05:44:49Z Indexed on 2012/12/04 17:09 UTC
Read the original article Hit count: 362

Filed under:
|
|
|

I have a strange problem with connecting to a https site from one of my servers.

When I type:

 telnet puppet 8140

I am presented with a standard telnet console and can talk to the Server as always:

Connected to athena.hidden.tld.
Escape character is '^]'.
GET / HTTP/1.1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://athena.hidden.tld:8140/"><b>https://athena.hidden.tld:8140/</b></a></blockquote></p>
<hr>
<address>Apache/2.2.16 (Debian) Server at athena.hidden.tld Port 8140</address>
</body></html>
Connection closed by foreign host.

But when I try to connect to the same host and port with ssl:

openssl s_client -connect puppet:8140

It is not working

connect: No route to host
connect:errno=113

I am confused. At first it sounded like a firewall problem but this could not be, could it? Because this would also prevent the telnet connection.

As Firewall I am using ferm on both servers. The systems are debian squeeze vm-boxes.

[edit 1]

Even when I try to connect directly with the IP address:

openssl s_client -connect 198.51.100.1:8140 #address exchanged
connect: No route to host
connect:errno=113

Bringing down the firewalls on both hosts with

service ferm stop

is also not helping.

But when I do 

openssl s_client -connect localhost:8140

on the server machine it is connecting fine.

[edit 2]

if I connect to the IP with telnet it also is not working.

telnet 198.51.100.1 8140
Trying 198.51.100.1...
telnet: Unable to connect to remote host: No route to host

The confusion might come from IPv6. I have IPv6 on all my hosts. It seems that telnet uses IPv6 by default and this works. For example:

telnet -6 puppet 8140

works but 

telnet -4 puppet 8140

does not work. So there seems to be a problem with the IPv4 route. openssl seems to only (or by default) use IPv4 and therefore fails but telnet uses IPv6 and succeeds.

© Server Fault or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about linux

Related posts about ssl

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle