SSL_connect issues after patching Debian SSL packages
I have a puppetlabs master (3.6.1-1) installed on a Debian 7 VMware VM server with Debian 6/7 clients (the clients are using the puppet that is bundled with Debian).
Some of my clients are having the following error some of the time:
err: Could not retrieve catalog from remote server: SSL_connect SYSCALL returned=5 errno=0 state=SSLv3 read server session ticket A
warning: Not using cache on failed catalog
This all started when I patched all the boxes for the SSL issue and I haven't been able to fix it.
Its not all the time and its not older Debian 6 boxes either. Its random across boxes some Debian 6 are OK, some are failing. Some Debian 7 are OK, some are failing. Some physical boxes are OK, some are failing. Some VMs are OK, some are failing. I could understand if the boxes where built differently, but they built using puppet!
I have tried the following and it hasn't helped:
Upgrading client to puppetlabs package instead of the Debian 6/7 packages. Revoking client cert on server and removing /var/lib/puppet/ssl. Removing all server packages and recreating server including all SSL certs. Confirming NTP server for puppet server and client is the same box (rebooting both failing client and server too) Trying the Web brick server instead of apache/passenger Upgrading passenger to latest version and compiling
Any suggestions on sorting this problem would be appreciated.