Subject: Re: nginx ssl_prefer_server_ciphers and MSIE 7.x core dump
From: Doncho Gunchev (dgun@gmail.com)
Date: Jul 21, 2009 6:29:11 am
List: ru.sysoev.nginx

2009/7/21 Igor Sysoev <is@rambler-co.ru>:
> On Mon, Jul 20, 2009 at 01:09:22PM +0300, Doncho Gunchev wrote:
>
>> Hello,
>>
>> First of all many thanks for nginx.
>>
>> I have a machine where 'ssl_prefer_server_ciphers on;' plus Internet Explorer 7 (win 2003/XP) causes segmentation fault in Kerberos libraries:
>> --- cut ---
>> Program received signal SIGSEGV, Segmentation fault.
>> 0x00000036b7e610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
>> (gdb) bt
>> #0  0x00000036b7e610a2 in krb5_is_referral_realm () from /usr/lib64/libkrb5.so.3
>> #1  0x00000036b7e48ade in krb5_kt_get_entry () from /usr/lib64/libkrb5.so.3
>> #2  0x00000036b963862e in kssl_keytab_is_available () from /lib64/libssl.so.6
>> #3  0x00000036b961e2d5 in ssl3_choose_cipher () from /lib64/libssl.so.6
>> #4  0x00000036b9619a7b in ssl3_get_client_hello () from /lib64/libssl.so.6
>> --- cut ---
>> The host OS is RHEL 5.3 fully updated. I tried 32 and 64 bit versions from 0.6.32 to 0.6.38 with and without perl. The CPU is Intel(R) Xeon(R) CPU E5410 @ 2.33GHz. Exactly the same binary works on other machines (including KVM virtual ones) on CentOS 5.3 fully updated and I was using it on another machine with RHEL (have no access to that one any more).
>>
>> Can I help further? Can I disable all kerberos related stuff in the meantime somehow?
>
> Could you confirm that "ssl_prefer_server_ciphers off" does not cause faults ?

Yes, that's the way I'm using it currently.

> As to disabling kerberos you may try to build OpenSSL statically with nginx:
>
> ./configure --with-openssl=/path/to/openssl/sources --with-openssl-opt=no-krb5

Thank you, will try ASAP :)
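
Added example (not part of the original message, and not nginx's own tooling): once nginx has been rebuilt with the configure options suggested above, a check like this scans `ldd` output for the system libssl and Kerberos libraries that appear in the backtrace. The function names are hypothetical and both sample `ldd` listings are constructed for illustration.

```shell
#!/bin/sh
# Check whether an nginx binary still loads the shared libssl / Kerberos
# libraries that appear in the backtrace (libssl.so.6 -> libkrb5.so.3).

# Read ldd-style text on stdin and print the library names that show a
# dynamic dependency on OpenSSL or Kerberos.
risky_libs() {
    awk '{ print $1 }' |
        grep -E '^(libssl|libcrypto|libkrb5|libk5crypto|libgssapi_krb5)\.so' |
        sort -u
}

# Return 0 when the ldd text passed as $1 shows no such dependency.
is_krb5_free() {
    [ -z "$(printf '%s\n' "$1" | risky_libs)" ]
}

# Run the check against a real binary, e.g.: check_binary /usr/sbin/nginx
check_binary() {
    if is_krb5_free "$(ldd "$1")"; then
        echo "$1: no shared libssl/libkrb5 dependency"
    else
        echo "$1: still loads:"; ldd "$1" | risky_libs
        return 1
    fi
}

# Constructed sample: nginx linked against the distribution's libssl.
SAMPLE_DYNAMIC='	libssl.so.6 => /lib64/libssl.so.6 (0x0000000000000000)
	libcrypto.so.6 => /lib64/libcrypto.so.6 (0x0000000000000000)
	libkrb5.so.3 => /usr/lib64/libkrb5.so.3 (0x0000000000000000)
	libc.so.6 => /lib64/libc.so.6 (0x0000000000000000)'

# Constructed sample: nginx with OpenSSL built in statically (no-krb5).
# libcrypt.so is the password-hashing library, not OpenSSL's libcrypto.
SAMPLE_STATIC='	libcrypt.so.1 => /lib64/libcrypt.so.1 (0x0000000000000000)
	libpcre.so.0 => /lib64/libpcre.so.0 (0x0000000000000000)
	libz.so.1 => /usr/lib64/libz.so.1 (0x0000000000000000)
	libc.so.6 => /lib64/libc.so.6 (0x0000000000000000)'

for name in DYNAMIC STATIC; do
    eval "text=\$SAMPLE_$name"
    if is_krb5_free "$text"; then
        echo "$name sample: clean"
    else
        echo "$name sample: loads $(printf '%s\n' "$text" | risky_libs | tr '\n' ' ')"
    fi
done
```
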