Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/01/22 16:18:49 UTC

DO NOT REPLY [Bug 16333] New: - SSL Handshake problem

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16333

           Summary: SSL Handshake problem
           Product: Apache httpd-2.0
           Version: 2.0.44
          Platform: Sun
        OS/Version: Solaris
            Status: NEW
          Severity: Blocker
          Priority: Other
         Component: mod_ssl
        AssignedTo: bugs@httpd.apache.org
        ReportedBy: tcastelle@generali.fr


Hello, 

I just installed Apache 2.0.44 to test it against my currently running 2.0.43,
and I have a problem with my SSL websites.

The 2 configs are exactly the same, but with 2.0.44, I have this in the error.log:

(starting apache, everything seems OK...)

[Wed Jan 22 15:43:59 2003] [info] Loading certificate & private key of SSL-aware server
[Wed Jan 22 15:43:59 2003] [debug] ssl_engine_pphrase.c(493): unencrypted RSA private key - pass phrase not required
[Wed Jan 22 15:44:00 2003] [info] Configuring server for SSL protocol
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(436): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(695): Configuring server certificate chain (0 CA certificates)
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(739): Configuring RSA server certificate
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(778): Configuring RSA server private key
[Wed Jan 22 15:44:00 2003] [info] Loading certificate & private key of SSL-aware server
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_pphrase.c(493): unencrypted RSA private key - pass phrase not required
[Wed Jan 22 15:44:03 2003] [info] Configuring server for SSL protocol
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(436): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(695): Configuring server certificate chain (0 CA certificates)
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(739): Configuring RSA server certificate
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(778): Configuring RSA server private key

(Trying a request... error!)

[Wed Jan 22 15:49:24 2003] [info] Connection to child 66 established (server www.gfasante.proto.generali.fr:443, client 172.30.220.24)
[Wed Jan 22 15:49:24 2003] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jan 22 15:49:24 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start
[Wed Jan 22 15:49:24 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept initialization
[Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11 bytes from BIO#1004f8850 [mem: 1004fe060] (BIO dump follows)
[Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1424): +-------------------------------------------------------------------------+
[Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1455): +-------------------------------------------------------------------------+
[Wed Jan 22 15:49:40 2003] [info] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Jan 22 15:49:40 2003] [info] Connection to child 66 closed with abortive shutdown(server www.gfasante.proto.generali.fr:443, client 172.30.220.24)
[Wed Jan 22 15:51:14 2003] [info] Connection to child 4 established (server www.gfasante.proto.generali.fr:443, client 172.30.220.24)
[Wed Jan 22 15:51:14 2003] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start
[Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept initialization
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11 bytes from BIO#100500890 [mem: 1005060a0] (BIO dump follows)
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1424): +-------------------------------------------------------------------------+
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1455): +-------------------------------------------------------------------------+
[Wed Jan 22 15:51:28 2003] [info] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Jan 22 15:51:28 2003] [info] Connection to child 4 closed with abortive shutdown(server www.gfasante.proto.generali.fr:443, client 172.30.220.24)

Is there a specific OpenSSL version required? We are using OpenSSL 0.9.6g.

Apache compilation:
CFLAGS="-m64" ./configure --prefix=/usr/local/www/prod \
--localstatedir=/var/log/www/prod --disable-charset-lite --disable-include \
--disable-autoindex --disable-asis --disable-cgi --disable-cgid \
--disable-negotiation --disable-dir --disable-imap --disable-actions \
--disable-userdir --enable-proxy --enable-ssl --enable-rewrite \
--with-mpm=worker --with-ssl=/usr/local/ssl

Apache SSL conf:

AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/var/log/www/proto/run/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/var/log/www/proto/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/www/proto/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/www/proto/conf/ssl.key/server.key
SSLCertificateChainFile /usr/local/www/proto/conf/ssl.crt/verisign.crt
CustomLog /var/log/www/proto/logs/ssl_request.log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"


Can you help me please?

Thanks a lot!

Thomas.
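
A triage helper for error logs like the one in this report, added here as an example (it is not part of the original message or of mod_ssl): it pairs each "Handshake: start" entry with the following "SSL handshake interrupted" entry and returns how long the server waited and what the last read returned. It assumes one log entry per line and connections that are not interleaved; the function and field names are hypothetical.

```python
import re
from datetime import datetime

# Constructed sample: the second failed request from the report, one entry per line.
SAMPLE = """\
[Wed Jan 22 15:51:14 2003] [info] Connection to child 4 established (server www.gfasante.proto.generali.fr:443, client 172.30.220.24)
[Wed Jan 22 15:51:14 2003] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start
[Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept initialization
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11 bytes from BIO#100500890 [mem: 1005060a0] (BIO dump follows)
[Wed Jan 22 15:51:28 2003] [info] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Wed Jan 22 15:51:28 2003] [info] Connection to child 4 closed with abortive shutdown(server www.gfasante.proto.generali.fr:443, client 172.30.220.24)
"""

ENTRY = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
ESTABLISHED = re.compile(r"Connection to child (\d+) established \(server (\S+), client ([\d.]+)\)")
READ = re.compile(r"OpenSSL: read (\d+)/(\d+) bytes")

def find_stalled_handshakes(log_text):
    """Return one dict per handshake that was interrupted before completing."""
    results, current = [], None
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # skip blank lines and anything that is not a log entry
        ts, msg = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"), m["msg"]
        if (e := ESTABLISHED.search(msg)):
            # A new connection opens a fresh record (assumes no interleaving).
            current = {"child": int(e[1]), "server": e[2], "client": e[3],
                       "start": None, "last_read": None}
        elif current is None:
            continue
        elif "Handshake: start" in msg:
            current["start"] = ts
        elif (r := READ.search(msg)):
            # (bytes returned, bytes requested) of the most recent read
            current["last_read"] = (int(r[1]), int(r[2]))
        elif "SSL handshake interrupted" in msg and current["start"]:
            current["stall_seconds"] = int((ts - current["start"]).total_seconds())
            results.append(current)
            current = None
    return results
```

A `last_read` of `(0, 11)` together with a stall of many seconds means the server received none of the bytes it asked for before the connection ended.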
