You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2003/01/22 16:18:49 UTC
DO NOT REPLY [Bug 16333] New: -
SSL Handshake problem
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16333>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16333
SSL Handshake problem
Summary: SSL Handshake problem
Product: Apache httpd-2.0
Version: 2.0.44
Platform: Sun
OS/Version: Solaris
Status: NEW
Severity: Blocker
Priority: Other
Component: mod_ssl
AssignedTo: bugs@httpd.apache.org
ReportedBy: tcastelle@generali.fr
Hello,
I just installed Apache 2.0.44 to test it against my currently running 2.0.43,
and I have a problem with my SSL websites.
The 2 configs are exactly the same, but with 2.0.44, I have this in the error.log :
(starting apache, everything seems OK...)
[Wed Jan 22 15:43:59 2003] [info] Loading certificate & private key of SSL-aware
server
[Wed Jan 22 15:43:59 2003] [debug] ssl_engine_pphrase.c(493): unencrypted RSA
private key - pass phrase not required
[Wed Jan 22 15:44:00 2003] [info] Configuring server for SSL protocol
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(436): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(611): Configuring permitted
SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH
:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(695): Configuring server
certificate chain (0 CA certificates)
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(739): Configuring RSA
server certificate
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(778): Configuring RSA
server private key
[Wed Jan 22 15:44:00 2003] [info] Loading certificate & private key of SSL-aware
server
[Wed Jan 22 15:44:00 2003] [debug] ssl_engine_pphrase.c(493): unencrypted RSA
private key - pass phrase not required
[Wed Jan 22 15:44:03 2003] [info] Configuring server for SSL protocol
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(436): Creating new SSL
context (protocols: SSLv2, SSLv3, TLSv1)
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(611): Configuring permitted
SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH
:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(695): Configuring server
certificate chain (0 CA certificates)
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(739): Configuring RSA
server certificate
[Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(778): Configuring RSA
server private key
(Trying a request... error !)
[Wed Jan 22 15:49:24 2003] [info] Connection to child 66 established (server
www.gfasante.proto.generali.fr:443, client 172.30
.220.24)
[Wed Jan 22 15:49:24 2003] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jan 22 15:49:24 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL:
Handshake: start
[Wed Jan 22 15:49:24 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop:
before/accept initialization
[Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11
bytes from BIO#1004f8850 [mem: 1004fe060] (BIO du
mp follows)
[Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1424):
+-------------------------------------------------------------------
------+
[Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1455):
+-------------------------------------------------------------------
------+
[Wed Jan 22 15:49:40 2003] [info] SSL handshake interrupted by system [Hint:
Stop button pressed in browser?!]
[Wed Jan 22 15:49:40 2003] [info] Connection to child 66 closed with abortive
shutdown(server www.gfasante.proto.generali.fr:4
43, client 172.30.220.24)
[Wed Jan 22 15:51:14 2003] [info] Connection to child 4 established (server
www.gfasante.proto.generali.fr:443, client 172.30.
220.24)
[Wed Jan 22 15:51:14 2003] [info] Seeding PRNG with 144 bytes of entropy
[Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL:
Handshake: start
[Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop:
before/accept initialization
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11
bytes from BIO#100500890 [mem: 1005060a0] (BIO du
mp follows)
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1424):
+-------------------------------------------------------------------
------+
[Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1455):
+-------------------------------------------------------------------
------+
[Wed Jan 22 15:51:28 2003] [info] SSL handshake interrupted by system [Hint:
Stop button pressed in browser?!]
[Wed Jan 22 15:51:28 2003] [info] Connection to child 4 closed with abortive
shutdown(server www.gfasante.proto.generali.fr:44
3, client 172.30.220.24)
Is there a specific openssl version required ? We are using openssl 0.9.6g.
Apache compilation :
CFLAGS="-m64" ./configure --prefix=/usr/local/www/prod \
--localstatedir=/var/log/www/prod --disable-charset-lite --disable-include \
--disable-autoindex --disable-asis --disable-cgi --disable-cgid \
--disable-negotiation --disable-dir --disable-imap --disable-actions \
--disable-userdir --enable-proxy --enable-ssl --enable-rewrite \
--with-mpm=worker -�with-ssl=/usr/local/ssl
Apache SSL conf :
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache dbm:/var/log/www/proto/run/ssl_scache
SSLSessionCacheTimeout 300
SSLMutex file:/var/log/www/proto/run/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /usr/local/www/proto/conf/ssl.crt/server.crt
SSLCertificateKeyFile /usr/local/www/proto/conf/ssl.key/server.key
SSLCertificateChainFile /usr/local/www/proto/conf/ssl.crt/verisign.crt
CustomLog /var/log/www/proto/logs/ssl_request.log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Can you help me please ?
Thanks a lot !
Thomas.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org