You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Andres Morey <an...@octopart.com> on 2009/03/04 15:41:07 UTC
[users@httpd] SSL ERRORS
Hi All,
If you turn on your LogLevel to info you will see the following errors
in your apache log:
(70007)The timeout specified has expired: SSL input filter read failed.
SSL library error 1 in handshake
SSL Library Error: 336027900 error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to
HTTPS port!?
Connection closed to child 9 with abortive shutdown
This is extremely worrying. Does anybody know how to fix these SSL
errors?
Thanks,
Andres
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] SSL ERRORS
Posted by Andres Morey <an...@octopart.com>.
I don't think the problem is talking to port 443 with HTTP. Here's the
apache response when I access http://localhost:443/:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
This is the error I am getting after every request:
(70007)The timeout specified has expired: SSL input filter read failed.
and these are the errors I get after a graceful restart:
SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML
error page
SSL Library Error: 336027804 error:1407609C:SSL
routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS
port!?
If possible, could you set your LogLevel to info to see if you are
seeing these errors as well? I have noticed these errors with Apache
2.2.11 on linux and on OS X. I'm attaching my apache config file to
this email.
Thanks for helping me debug this!
-Andres
Listen 80
Listen 443
LoadModule ssl_module modules/mod_ssl.so
ServerName example
ServerAdmin admin@example.com
ServerRoot "/usr/local/apache2"
ServerSignature Off
ServerTokens Prod
DocumentRoot "/usr/local/apache2/htdocs"
LogLevel info
ErrorLog logs/error_log
Timeout 300
KeepAlive on
MaxKeepAliveRequests 100
KeepAliveTimeout 15
MinSpareServers 8
MaxSpareServers 16
MaxClients 256
MaxRequestsPerChild 100000
DefaultType text/plain
FileETag none
AllowEncodedSlashes On
<IfModule !mpm_netware_module>
User daemon
Group daemon
</IfModule>
SSLSessionCache "shmcb:/usr/local/apache2/logs/
ssl_scache(512000)"
SSLSessionCacheTimeout 300
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
NameVirtualHost *:80
NameVirtualHost *:443
<VirtualHost *:80>
SSLEngine off
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /usr/local/apache2/htdocs>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/sslcerts/_.example.crt
SSLCertificateKeyFile /usr/local/apache2/conf/sslcerts/
_.example.key
SSLCertificateChainFile /usr/local/apache2/conf/sslcerts/
gd_bundle.crt
<Directory />
Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
</Directory>
<Directory /usr/local/apache2/htdocs>
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
<IfModule mime_module>
TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
</IfModule>
On Mar 4, 2009, at 9:55 AM, Eric Covener wrote:
> On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey <an...@octopart.com>
> wrote:
>> Hi All,
>>
>> If you turn on your LogLevel to info you will see the following
>> errors in
>> your apache log:
>>
>> (70007)The timeout specified has expired: SSL input filter read
>> failed.
>> SSL library error 1 in handshake
>> SSL Library Error: 336027900 error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL
>> to HTTPS
>> port!?
>> Connection closed to child 9 with abortive shutdown
>>
>> This is extremely worrying. Does anybody know how to fix these SSL
>> errors?
>
> Your connecting a to a HTTP port with HTTPS. It's probably just your
> config -- maybe you have <virtualhsot *> and need *:80 and *:443?
>
> A quick check is to connect to port 443 with HTTP and see if you get
> a response.
>
> --
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> " from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
Re: [users@httpd] SSL ERRORS
Posted by Eric Covener <co...@gmail.com>.
On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey <an...@octopart.com> wrote:
> Hi All,
>
> If you turn on your LogLevel to info you will see the following errors in
> your apache log:
>
> (70007)The timeout specified has expired: SSL input filter read failed.
> SSL library error 1 in handshake
> SSL Library Error: 336027900 error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
> port!?
> Connection closed to child 9 with abortive shutdown
>
> This is extremely worrying. Does anybody know how to fix these SSL errors?
Your connecting a to a HTTP port with HTTPS. It's probably just your
config -- maybe you have <virtualhsot *> and need *:80 and *:443?
A quick check is to connect to port 443 with HTTP and see if you get a response.
--
Eric Covener
covener@gmail.com
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org