Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Cherokee: dev

Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS

 

 

Cherokee dev RSS feed   Index | Next | Previous | View Threaded


cherokee at googlecode

Nov 29, 2011, 1:51 AM

Post #1 of 18 (2262 views)
Permalink
Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS

Status: New
Owner: ----

New issue 1309 by dan...@d15.biz: Having IPv6 enabled breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

I've found that when IPv6 is enabled, Cherokee serves plain HTTP on SSL
ports, even when the port is correctly marked as a SSL/TLS port. Once IPv6
is disabled, SSL works correctly. Another user in the Cherokee IRC channel
("minus") has encountered the same issue.

Previous (related) mailing list post:
http://permalink.gmane.org/gmane.comp.web.cherokee.general/8117

To reproduce:
1. Install Cherokee on Debian (I used Cherokee 1.2.100 from Debian Unstable)
2. Ensure IPv6 and SSL are both enabled and configured correctly
3. Go to https://server/

Expected: Page loads via SSL
Actual: Page does not load, but going to http://server:443/ works

My configuration:
- Debian Testing, all upgrades applied as at 29th November 2011
- Cherokee 1.2.100 from Debian Unstable

Also replicated with this configuration (by minus from IRC):
- Ubuntu 10.04, 32-bit
- Cherokee 1.2.101 from Ubuntu PPA

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Nov 29, 2011, 2:07 AM

Post #2 of 18 (2202 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #1 on issue 1309 by p...@noc4.net: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

looks like this could be the same as Issue 1308

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Nov 29, 2011, 4:09 AM

Post #3 of 18 (2207 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #2 on issue 1309 by alobbs: Having IPv6 enabled breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Looks like you did not mark the 443 port as a SSL/TLS port, that why it
loads with "http://" and fails with "https://".

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Nov 29, 2011, 4:13 AM

Post #4 of 18 (2205 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #3 on issue 1309 by daniel [at] d15: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Port 443 is marked as an SSL/TLS port, and works when IPv6 is disabled.
However, as soon as IPv6 is enabled, it stops working as an SSL port and
just serves plain HTTP.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Nov 29, 2011, 6:22 AM

Post #5 of 18 (2200 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #4 on issue 1309 by p...@noc4.net: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

confirm behaviour as described in Comment 3 (see attached config screen
grab, and this config snippet):

config!version = 001002101
server!bind!3!interface = 31.3.231.205
server!bind!3!port = 443
server!bind!3!tls = 1
server!bind!4!interface = 31.3.231.205
server!bind!4!port = 80
server!bind!4!tls = 0
server!bind!5!interface = 2a02:2658:1017::450:3
server!bind!5!port = 443
server!bind!5!tls = 1
server!bind!6!interface = 2a02:2658:1017::450:3
server!bind!6!port = 80

actually IPv6 works as https and then IPv4 serves plain http on port 443

test with
http://31.3.231.205:443/
https://[2a02:2658:1017::450:3]:443/

i'll leave these on whilst this bug is in progress

Attachments:
General - Cherokee Admin.png 51.8 KB

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Nov 29, 2011, 3:56 PM

Post #6 of 18 (2201 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #5 on issue 1309 by ste...@konink.de: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Issue 1308 has been merged into this issue.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Nov 29, 2011, 4:10 PM

Post #7 of 18 (2211 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #6 on issue 1309 by p...@noc4.net: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

after further testing it appears that when binding to all addresses with:

config!version = 001002101
server!bind!1!port = 80
server!bind!1!tls = 0
server!bind!2!port = 443
server!bind!2!tls = 1

everything behaves as expected on v4 & v6

however with:

config!version = 001002101
server!bind!3!interface = 31.3.231.205
server!bind!3!port = 443
server!bind!3!tls = 1
server!bind!4!interface = 31.3.231.205
server!bind!4!port = 80
server!bind!4!tls = 0
server!bind!5!interface = 2a02:2658:1017::450:3
server!bind!5!port = 443
server!bind!5!tls = 1
server!bind!6!interface = 2a02:2658:1017::450:3
server!bind!6!port = 80

the ports and protocols become muddled up as described above

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jan 4, 2012, 10:17 PM

Post #8 of 18 (2148 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #7 on issue 1309 by soc...@anonsphere.com: Having IPv6 enabled
breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

I tried to add IPv6 support to my server and found exact the same behaviour
(.101 debian). IPv6 enabled => SSL broken. Another (usability) problem is,
that cherokee fails to start when IPv6 is disabled, but the v6 adress is
added, because port 443 is blocked.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jan 4, 2012, 10:25 PM

Post #9 of 18 (2144 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #8 on issue 1309 by soc...@anonsphere.com: Having IPv6 enabled
breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Oh and it works, if you attach port 80 and 443 to all interfaces as comment
6 mentions.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jan 6, 2012, 11:41 AM

Post #10 of 18 (2136 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #9 on issue 1309 by paul [at] noc4: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

any news on the "new architecture" which is going to fix this issue?

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jan 6, 2012, 12:04 PM

Post #11 of 18 (2138 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #10 on issue 1309 by ste...@konink.de: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

https://github.com/cherokee/webserver/tree/dev

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jan 7, 2012, 2:30 PM

Post #12 of 18 (2141 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #11 on issue 1309 by ste...@konink.de: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

http://www.cherokee-project.com/download/pre-releases/cherokee-1.3.0A1.tar.gz

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Feb 18, 2012, 4:18 AM

Post #13 of 18 (2027 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #12 on issue 1309 by jeremy.v...@gmail.com: Having IPv6 enabled
breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Issue is reproducible with 1.3.0A2.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Apr 26, 2012, 8:10 AM

Post #14 of 18 (1941 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #13 on issue 1309 by martin.b...@gmail.com: Having IPv6 enabled
breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

I'm having this issue with 1.3.0A2 (Debian Squeeze) too.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Apr 26, 2012, 8:15 AM

Post #15 of 18 (1935 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #14 on issue 1309 by martin.b...@gmail.com: Having IPv6 enabled
breaks SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

I'm having this issue with 1.3.0A2 (Debian Squeeze) too but only if I have
multiple IPs binded.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jul 15, 2012, 2:59 PM

Post #16 of 18 (1796 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #15 on issue 1309 by ammac...@gmail.com: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Reproducible with Cherokee 1.2.101 from FreeBSD ports on FreeBSD
8.3-RELEASE-p3 amd64. Disabling IPv6 access allows SSL to work over IPv4.

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Jul 15, 2012, 3:33 PM

Post #17 of 18 (1788 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #16 on issue 1309 by ste...@konink.de: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

Can you also reproduce this with the current github master version?

_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev


cherokee at googlecode

Feb 28, 2013, 1:17 AM

Post #18 of 18 (1420 views)
Permalink
Re: Issue 1309 in cherokee: Having IPv6 enabled breaks SSL/TLS [In reply to]

Comment #17 on issue 1309 by paul [at] noc4: Having IPv6 enabled breaks
SSL/TLS
http://code.google.com/p/cherokee/issues/detail?id=1309

sadly yes:

# git describe
v1.2.101-112-gacfe9d6

--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
_______________________________________________
Cherokee-dev mailing list
Cherokee-dev [at] lists
http://lists.octality.com/listinfo/cherokee-dev

Cherokee dev RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.