1 Answer
One of my coworkers was able to compare the system settings that were set for Amazon Linux and Ubuntu,
and we found out that net.ipv4.ip_default_ttl was set to 64 on Ubuntu instances while Amazon Linux was using 255.
After updating that to 255, the SSL issues went away.
Amazon Linux
```
net.ipv4.conf.default.promote_secondaries=1
net.ipv4.conf.default.secure_redirects=1
net.ipv4.conf.default.send_redirects=1
net.ipv4.ip_default_ttl=255
net.ipv4.neigh.default.gc_thresh1=0
net.ipv4.neigh.default.gc_thresh2=15360
net.ipv4.neigh.default.gc_thresh3=16384
net.ipv4.tcp_challenge_ack_limit=1000
net.ipv4.tcp_limit_output_bytes=262144
net.ipv4.tcp_max_orphans=4096
net.ipv4.tcp_max_syn_backlog=128
net.ipv4.tcp_max_tw_buckets=4096
net.ipv4.tcp_mem=10755 14340 21510
net.ipv4.tcp_rmem=4096 87380 6291456
net.ipv4.tcp_tw_reuse=0
net.ipv4.tcp_wmem=4096 20480 4194304
net.ipv4.udp_mem=21510 28680 43020
net.netfilter.nf_log.2=NONE
```
Ubuntu
```
net.ipv4.conf.default.log_martians = 1
net.ipv4.conf.default.promote_secondaries = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.ip_default_ttl = 64
net.ipv4.neigh.default.gc_thresh1 = 128
net.ipv4.neigh.default.gc_thresh2 = 512
net.ipv4.neigh.default.gc_thresh3 = 1024
net.ipv4.tcp_challenge_ack_limit = 999999999
net.ipv4.tcp_limit_output_bytes = 1048576
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_max_tw_buckets = 65536
net.ipv4.tcp_mem = 188412 251218 376824
net.ipv4.tcp_rmem = 4096 131072 6291456
net.ipv4.tcp_tw_reuse = 2
net.ipv4.tcp_wmem = 4096 16384 4194304
net.ipv4.udp_mem = 376827 502436 753654
net.netfilter.nf_log.2 = nf_log_ipv4
```
answered 3 years ago
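One way to reproduce the comparison described in the answer, as an added example that is not part of the original post: a small Python diff of two sysctl dumps that tolerates both the `key=value` and `key = value` layouts seen above. The function names `parse_sysctl` and `diff_sysctl` are hypothetical, and the embedded sample is a subset of the values quoted in the answer.

```python
def parse_sysctl(text):
    """Parse `key=value` or `key = value` lines into a dict.

    Whitespace inside values is collapsed so multi-value entries such as
    tcp_rmem compare equal whether separated by tabs or spaces.
    """
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", ";")) or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = " ".join(value.split())
    return settings


def diff_sysctl(left, right):
    """Return {key: (left_value, right_value)} for every key that differs.

    None marks a key that is absent from that side's dump.
    """
    a, b = parse_sysctl(left), parse_sysctl(right)
    return {k: (a.get(k), b.get(k))
            for k in sorted(a.keys() | b.keys())
            if a.get(k) != b.get(k)}


# Sample input: a subset of the two dumps quoted in the answer.
AMAZON_LINUX = """\
net.ipv4.ip_default_ttl=255
net.ipv4.tcp_max_syn_backlog=128
net.ipv4.tcp_rmem=4096 87380 6291456
net.ipv4.tcp_tw_reuse=0
"""

UBUNTU = """\
net.ipv4.conf.default.log_martians = 1
net.ipv4.ip_default_ttl = 64
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_rmem = 4096 131072 6291456
net.ipv4.tcp_tw_reuse = 2
"""

if __name__ == "__main__":
    for key, (amzn, ubu) in diff_sysctl(AMAZON_LINUX, UBUNTU).items():
        print(f"{key}: amazon_linux={amzn!r} ubuntu={ubu!r}")
```

On live hosts the two inputs would come from saving the output of `sysctl -a` on each instance to a file and reading both files in.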