:::: MENU ::::

Monthly Archives / June 2016

  • Jun 09 / 2016
  • 0
Linux, Python

openssl/pyOpenSSL – “SSL23_GET_SERVER_HELLO:tlsv1 alert internal error”

You’re getting this annoying error message again and again when trying to fetch certificate and/or establish a connection to your website using openssl:

This issue is well known in several openssl versions, and a bug has been addressed for Ubuntu repositories:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1475228

For now, there’s a simple workaround that works to quickly fix it!

For openssl

If you’re facing it while using openssl directly, you can fix it by specifying the servername on command-line:

For pyOpenSSL

If you’re having this issue while using pyOpenSSL (python wrapper for OpenSSL), it can also be fixed with a quick workaround by adding the option set_tlsext_host_name() to specify the server name in your “Connection” object.
You will get something like this:

  • Jun 02 / 2016
  • 0
Linux

Configure VLan interface (with alias)

If you want to isolate multiple networks, you can use VLAN (Virtual LAN). On most of the switches, you can configure VLAN to handle tagged packets and be able to send them to a specific port by isolating it. A VLAN is assigned a specific id that can be any number between 1 and 4096.

Most of the Linux distributions can handle tagged packets and VLAN usage, but this feature is not mandatory enabled by default. For the example, I’ll present here how you can enable and configure VLAN on Ubuntu Server 14.04.

First, you need to install the vlan package:

Temporary configuration

Then, you should load the 8021q module into the kernel (guessing you’re using a recent and not customized kernel):

As it’s not possible to create a VLAN on virtual interface, you will have to use physical interface and alias to make it work. You can create additional interface with:

Then, you can assign an address to this interface:

And finally make the interface up:

Permanent configuration

You have to load the module automatically and permanently:

Finally, set the configuration in /etc/network/interfaces in order to make it loaded on startup:

Question ? Contact