[Bug 63374] New: Connection rejected by Apache HTTPD server when MTU size of eth1 interface is 9000


Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=63374

            Bug ID: 63374
           Summary: Connection rejected by Apache HTTPD server when MTU
                    size of eth1 interface is 9000
           Product: Apache httpd-2
           Version: 2.4.37
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: All
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

I'm hosting a Python Flask application in Apache HTTPD server with WSGI and using
MASSL authentication for clients.

The configuration works absolutely fine in my non-prod nodes, which run RHEL
6.9 and have openSSLv3 & TLSv1.2. In production, I have the exact same
configuration, but the MTU size of eth0 & eth1 is 9000 (we are running a 4-node
RHEL active-active cluster and have a dedicated private VLAN for cluster
heartbeat communication).

eth0 is not having any issue, but if eth1 is reset back to the default 1500 the
connection works fine; when it is set to 9000 it fails.

Following is the error from the client for the failed connection request:

curl https://xxxx:9443/ --cert ./xx.pem --key ./xx.key -vvvv -k -i
* About to connect() to xxx port 9443 (#0)
*   Trying xxx...
* Connected to xxx (xxx) port 9443 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* skipping SSL peer certificate verification
* NSS: client certificate from file
*       subject: CN=xxx,OU=xx,O=xx,L=xx,ST=xx,C=xx
*       start date: xxx xx xx:xx:xx xxxx GMT
*       expire date: xxx xx xx:xx:xx xxxx GMT
*       common name: xxxx
*       issuer: CN=xx AD Objects CA G2,DC=core,DC=dir,DC=xx,DC=xx
* NSS error -5938 (PR_END_OF_FILE_ERROR)
* Encountered end of file
* Closing connection 0
curl: (35) Encountered end of file

Note: The client lives in AWS, which has an MTU size of 9000, and I've tried
importing my certificate into the NSS database, which did not help.

Apache HTTPD.conf
Listen 9443
<VirtualHost *:9443>
    SSLEngine on
    <IfModule unixd_module>
        User https
        Group https
    </IfModule>

    <Directory />
        #AllowOverride none
        #Require all denied
        Require all granted
    </Directory>

    Alias /media/ /var/www/xxxx/htdocs/media/
    Alias /static/ /var/www/xxxx/htdocs/static/

    ServerAdmin [hidden email]
    ServerName www.xxxx.net
    ServerAlias xxx.net

    <Directory "/var/www/xxx/htdocs/static/">
      Require all granted
    </Directory>

    <Directory "/var/www/xxx/htdocs/media/">
      Require all granted
    </Directory>
    SSLVerifyClient require
    SSLVerifyDepth 10
    SSLCertificateKeyFile "/xxx/xxxx.key"
    SSLCACertificateFile "/xxx/xxx.pem"
    SSLCertificateFile "/xxx/xxx.pem"

    <Directory "/var/www/xxx/">
        #<Files>
            Require all granted
        #</Files>
    </Directory>

    #
    # WSGI Configuration
    #
    WSGIDaemonProcess xxx python-path=xxxx user=xxx group=xxx threads=6
    WSGIScriptAlias / /var/www/xxx
    WSGIProcessGroup xxx

    DocumentRoot "/var/www/xxx/xxx"
    <Directory "/var/www/xxx/htdocs">
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>

    ErrorLog /var/www/xxx/logs/error.log
    CustomLog /var/www/xxx/logs/access.log combined
    LogLevel warn
</VirtualHost>
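
The report ties the failure to eth1 running at MTU 9000 rather than 1500. One way to check whether 9000-byte packets actually cross the path between client and server, as an added example that is not part of the original report: it assumes Linux iputils `ping` and that ICMP echo is allowed on the path, and the function names `probe`, `path_mtu` and `verdict` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the bug report): find the largest IPv4 packet that
# crosses a path unfragmented, to compare against the interface MTU.

# probe HOST PAYLOAD: send one ICMP echo with the Don't Fragment bit set.
# Uses Linux iputils ping; redefine this function to use another prober.
probe() {
    ping -c 1 -W 1 -M do -s "$2" "$1" >/dev/null 2>&1
}

# path_mtu HOST [IFACE_MTU]: binary-search the largest packet that passes.
# Prints the packet size in bytes (payload + 20-byte IP + 8-byte ICMP header),
# or 0 with a non-zero status if even a 576-byte packet gets no reply
# (ICMP filtered or host unreachable, so nothing can be concluded).
path_mtu() {
    local host="$1" mtu="${2:-9000}"
    local lo=548 hi=$((mtu - 28)) mid
    probe "$host" "$lo" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$host" "$mid"; then lo=$mid; else hi=$((mid - 1)); fi
    done
    echo $((lo + 28))
}

# verdict HOST IFACE_MTU: compare the measured path MTU with the local MTU.
verdict() {
    local pmtu
    pmtu=$(path_mtu "$1" "$2") || { echo "no-icmp"; return 0; }
    if [ "$pmtu" -lt "$2" ]; then
        echo "mismatch: path=$pmtu iface=$2"
    else
        echo "ok: path=$pmtu"
    fi
}

# Example call (host name is a placeholder, as in the report):
#   verdict xxxx 9000
```

A `mismatch` result means some hop on the path carries less than the interface MTU, so full-size segments such as those carrying certificates during the TLS handshake can be dropped while small packets still get through.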
