SSL connection hangs as client hello (curl, openssl client, apt-get, wget, everything)
- by Niklas B
Hi,
I've run into a problem on my Debian VPS (a xen domU) regarding SSL. Namely almost all SSL connections hangs at client hello. For example:
# curl -vI https://graph.facebook.com
About to connect() to graph.facebook.com port 443 (#0)
Trying 66.220.146.48... connected
Connected to graph.facebook.com (66.220.146.48) port 443 (#0)
successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs
SSLv3, TLS handshake, Client hello (1):
It's the same when using the openssl client. However, some of the SSL traffic works (for example https://www.nordea.se).
Server
#uname -a
Linux server.com 2.6.26-1-xen-amd64 #1 SMP Fri Mar 13 21:39:38 UTC 2009 x86_64 GNU/Linux
It does however work on my Dom 0 (the main xen host).
Apt-get
I can't even run apt-get update with the debian security sources (hangs on reading headers)
Open SSL
At the begining I thought I had an old openssl client (0.9.8o-4) since I appeared to have a newer on the Dom 0 (0.9.8g-15+lenny8) but doing a manuanl update on the openssl deb didn't help.
Open SSL Client
This is the full output of when the openssl client hangs: http://pastebin.com/PAjwMap9
Closing thoughts
I've Googled the crap out of this, and I'm not getting any further. I've seen problems with curl, apt-get etc. but they are all specific relating to the very application - not general for the system. Any thoughts?