
RHEL ports not using same cipher

[UPDATE]
I ran the openssl command from a couple servers and my local machine. It seems like port 9443 is not remaining consistent. The cipher on server1:9443 remained the same from the first server (RHEL5) I queried from. However, querying from my local machine (Win7) and a VM (RHEL6.9) results in a 0000 cipher.

I don't think the outage is related to my port cipher difference, because additional tests are showing the application is back online using similar environment settings as the end user. I was reading an article that the F5 balancer could potentially cause issues. So I'll investigate that route with the admins.

But I'd still like to know why the ports are reflecting different ciphers and how to correct it. [/UPDATE]

I have two servers, both have two instances of application servers on them. Each application server instance is configured to use the same SSL protocols and cipher.

From the configs:

sslProtocols = "TLSv1,TLSv1.1,TLSv1.2"
ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
    TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_128_CBC_SHA256,
    TLS_RSA_WITH_AES_128_CBC_SHA,
    TLS_RSA_WITH_AES_256_CBC_SHA256,
    TLS_RSA_WITH_AES_256_CBC_SHA"

Clients reported an outage in certain cases for Server1:9443

I ran from the command line: openssl s_client -connect server:port

Server1:8443

Protocol  : TLSv1
Cipher    : AES128-SHA

Server1:9443

Protocol  : TLSv1
Cipher    : DHE-RSA-AES256-SHA

Server2:8443

Protocol  : TLSv1
Cipher    : AES128-SHA

Server2:9443

Protocol  : TLSv1
Cipher    : AES128-SHA

Why would server1:9443 reflect differently?

Both servers are on RHEL 5.11.

[EDIT]
From the command line: netstat -tupln

Server1:

tcp        0      0 0.0.0.0:9443                0.0.0.0:*                   LISTEN      9709/java

Server2:

tcp        0      0 0.0.0.0:9443                0.0.0.0:*                   LISTEN      718/java
tcp        0      0 0.0.0.0:8443                0.0.0.0:*                   LISTEN      5900/java    

Server1 /etc/services lists 8443 as pcsync-https. Verified by running the command sudo netstat -t -l -p |grep pcsync-https on server1.

tcp        0      0 *:pcsync-https                *:*                   LISTEN      7037/java

[/EDIT]

So it wasn't the cipher, but the redirect port... one the clients weren't using and that was shut off on one server, but not the other.

 <Connector port="8080" address="${jboss.bind.address}"
     maxThreads="250" maxHttpHeaderSize="8192"
     emptySessionPath="true" protocol="HTTP/1.1"
     enableLookups="false" redirectPort="8443" acceptCount="100"
     connectionTimeout="20000" disableUploadTimeout="true" />

Once we commented out this block from the JBoss server.xml file and restarted the service, things started working as intended. Each port on both servers is now reflecting the same server-client cipher.

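The per-port comparison done by hand in the question can be scripted. The following is an added example, not code from the original post: it parses the Protocol/Cipher lines of saved `openssl s_client` output, flags endpoints that negotiated no cipher (the 0000 case) or a different suite from the rest, and checks the result against the OpenSSL names of the ten configured suites. The names `CONFIGURED`, `parse_summary`, `audit` and `SAMPLE` are hypothetical, and the sample captures are constructed.

```python
import re
from collections import Counter
# OpenSSL name -> Java name for the ten suites in the question's ciphers= list.
CONFIGURED = {
    "ECDHE-RSA-AES128-SHA256": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "ECDHE-RSA-AES128-SHA": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    "ECDHE-RSA-AES256-SHA384": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "ECDHE-RSA-AES256-SHA": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "DHE-RSA-AES256-SHA": "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "DHE-DSS-AES128-SHA": "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    "AES128-SHA256": "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "AES128-SHA": "TLS_RSA_WITH_AES_128_CBC_SHA",
    "AES256-SHA256": "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "AES256-SHA": "TLS_RSA_WITH_AES_256_CBC_SHA",
}
NO_CIPHER = (None, "0000", "(NONE)")  # s_client shows these when no suite was agreed
FIELD = re.compile(r"^[ \t]*(Protocol|Cipher)[ \t]*:[ \t]*(\S+)", re.M)

def parse_summary(text):
    """Return (protocol, cipher) from the SSL-Session lines of s_client output."""
    fields = dict(FIELD.findall(text))
    return fields.get("Protocol"), fields.get("Cipher")

def audit(captures):
    """captures maps an endpoint label to s_client output; returns {label: [findings]}."""
    parsed = {ep: parse_summary(out) for ep, out in captures.items()}
    agreed = [c for _, c in parsed.values() if c not in NO_CIPHER]
    majority = Counter(agreed).most_common(1)[0][0] if agreed else None
    report = {}
    for ep, (_, cipher) in parsed.items():
        notes = []
        if cipher in NO_CIPHER:
            notes.append("no cipher negotiated (handshake did not complete)")
        else:
            if cipher not in CONFIGURED:
                notes.append(f"{cipher} is not in the configured list")
            if cipher != majority:
                notes.append(f"negotiated {cipher}, most endpoints chose {majority}")
        report[ep] = notes
    return report
# Constructed captures: the first four repeat the question's values, the fifth is a 0000 result.
LINES = "    Protocol  : {}\n    Cipher    : {}\n"
SAMPLE = {
    "server1:8443": LINES.format("TLSv1", "AES128-SHA"),
    "server1:9443": LINES.format("TLSv1", "DHE-RSA-AES256-SHA"),
    "server2:8443": LINES.format("TLSv1", "AES128-SHA"),
    "server2:9443": LINES.format("TLSv1", "AES128-SHA"),
    "server1:9443 (second client)": LINES.format("TLSv1", "0000"),
}
```

A flagged difference only says the endpoints did not behave alike; both suites seen in the question are in the configured list, and the outage there turned out to be the redirect port.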