Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 3205 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Peer certificate errors with Boinc:World Community Grid

SalishSwede
I'm getting the following errors with WorldCommunity Grid (an IBM public research project employing distributed computing technology via Boinc [see http://boinc.berkeley.edu]).

Msg 1:  Request  new tasks for CPU
Msg 2: Project communication failed: attempting access to reference site.
Msg 3: Scheduler request failed: Peer certificate cannot be authenticated with given CA certificate.

The Web Filter log shows the following errors:


[FONT=monospace]2013:04:15-14:04:12  wahine httpproxy[4741]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xaf6e9040" function="ssl_log_errors" file="ssl.c"  line="58" message="C 10.1.0.3: 3933391728:error:14094418:SSL  routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1197:SSL alert  number 48" [/FONT]
[FONT=monospace]2013:04:15-14:04:12  wahine httpproxy[4741]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xaf6e9040" function="ssl_log_errors" file="ssl.c"  line="58" message="C 10.1.0.3: 3933391728:error:140940E5:SSL  routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:947:" [/FONT]

Is there any way to circumvent this?
I originally thought this was due to the self-signed nature of the Astaro/Sophos certificates.
Given the handshake errors, perhaps not.

Any input appreciated.


This thread was automatically locked due to age.
  • 0
    Update: the Web Filtering log shows the following error associated with this traffic:

    [FONT=monospace]2013:04:15-14:04:12  wahine httpproxy[4741]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xaf6e9040" function="ssl_log_errors" file="ssl.c"  line="58" message="C 10.1.0.3: 3933391728:error:14094418:SSL  routines:SSL3_READ_BYTES:tlsv1 alert unknown ca:s3_pkt.c:1197:SSL alert  number 48" [/FONT]
    [FONT=monospace]2013:04:15-14:04:12  wahine httpproxy[4741]: id="0003" severity="info" sys="SecureWeb"  sub="http" request="0xaf6e9040" function="ssl_log_errors" file="ssl.c"  line="58" message="C 10.1.0.3: 3933391728:error:140940E5:SSL  routines:SSL3_READ_BYTES:ssl handshake failure:s3_pkt.c:947:"

    [/FONT]
  • 0
    Answered my own question.
    1.  The error does appear to be associated with self-signed CAs.
    2.  Adding an exception under Web Protection \ Web Filtering \ Advanced \ 
    Skip transparent mode destination hosts/nets
     and adding an exception for "www.worldcommunitygrid.com" takes care of the problem.
  • 0 in reply to SalishSwede

    Four years later and still getting these errors.
    Anyone?

  • 0 in reply to dougga

    If the SSL3 in the log refers to SSLv3, since the POODLE situation, that's no longer allowed with the UTM.  I'm surprised that IBM still supports that though.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML