Posted to users@httpd.apache.org by Niclas Arndt <ni...@hotmail.com> on 2004/08/22 21:49:37 UTC

[users@httpd] Apache SSL problem

Hi

I have been trying for days to get Apache2 and now Apache 1.3 to work with 
https.

Regular http works but for https the browsers complain about "Cannot find 
server" or "Could not connect to host...".

I first tried with SuSE 9.1 / Apache 2.0.49 and eventually thought that 
there was a problem with this combination, but I don't think so after 
installing SuSE 9.0 / Apache 1.3.28, which gives me the same problem. I am 
running SuSE 8.2 / Apache 1.3.29 on another server in a very similar config, 
so I thought this was going to be easy...

Could I ask one of you to interpret this? Thanks in advance.

/Niclas

-----

tjatte:~ # /usr/sbin/httpd -D SSL -S
VirtualHost configuration:
82.182.41.133:443    tjatte.tjatter.se    (/etc/httpd/httpd.conf:1408)

This looks ok. Apache2 even prints "Syntax ok." or something like that.

-----

tjatte:~ # openssl s_client -connect tjatte.tjatter.se:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080AFA48 [080B0110] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 19 60   ...............`
0070 - 54 2b b7 2d 98 da 66 09-9b 80 2c 6f 34 c3 24 fc   T+.-..f...,o4.$.
0080 - dc 9e 75 09 f4 e0 07 01-ba 56 1f 75 44 03         ..u......V.uD.
SSL_connect:SSLv2/v3 write client hello A
read from 080AFA48 [080B5670] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
4735:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:s23_clnt.c:475:
tjatte:~ #

-----

This is from ssl_engine_log in verbose mode: The first section is from 
starting the server (without complaints). The second is when trying to 
access https://tjatte.tjatter.se

[info]  Server: Apache/1.3.28, Interface: mod_ssl/2.8.15, Library: 
OpenSSL/0.9.7b
[info]  Init: 1st startup round (still not detached)
[info]  Init: Initializing OpenSSL library
[info]  Init: Loading certificate & private key of SSL-aware server 
tjatte.tjatter.se:443
[trace] Init: (tjatte.tjatter.se:443) unencrypted RSA private key - pass 
phrase not required
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Generating temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: 2nd startup round (already detached)
[info]  Init: Reinitializing OpenSSL library
[trace] Shared-memory segment has 524288 available
[trace] shmcb_malloc attempt for 524288 bytes failed
[trace] shmcb_malloc attempt for 524286 bytes failed
[trace] shmcb_malloc attempt for 524284 bytes failed
[trace] shmcb_malloc attempt for 524282 bytes failed
[trace] shmcb_init allocated 524280 bytes of shared memory
[trace] entered shmcb_init_memory()
[trace] for 524280 bytes, recommending 4368 indexes
[trace] shmcb_init_memory choices follow
[trace] division_mask = 0x1F
[trace] division_offset = 64
[trace] division_size = 16381
[trace] queue_size = 1640
[trace] index_num = 136
[trace] index_offset = 8
[trace] index_size = 12
[trace] cache_data_offset = 8
[trace] cache_data_size = 14733
[trace] leaving shmcb_init_memory()
[info]  Shared memory session cache initialised
[info]  Init: Seeding PRNG with 136 bytes of entropy
[info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[info]  Init: Configuring temporary DH parameters (512/1024 bits)
[info]  Init: Initializing (virtual) servers for SSL
[info]  Init: Configuring server tjatte.tjatter.se:443 for SSL protocol
[trace] Init: (tjatte.tjatter.se:443) Creating new SSL context (protocols: 
SSLv2, SSLv3, TLSv1)
[trace] Init: (tjatte.tjatter.se:443) Configuring permitted SSL ciphers 
[ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[trace] Init: (tjatte.tjatter.se:443) Configuring RSA server certificate
[trace] Init: (tjatte.tjatter.se:443) Configuring RSA server private key



[info]  Connection to child 0 established (server tjatte.tjatter.se:443, 
client 82.182.41.132)
[info]  Seeding PRNG with 1160 bytes of entropy
[trace] OpenSSL: Handshake: start
[trace] OpenSSL: Loop: before/accept initialization
[debug] OpenSSL: read 11/11 bytes from BIO#081F61E8 [mem: 0822C5C0] (BIO 
dump follows)
+-------------------------------------------------------------------------+
| 0000: 16 03 00 00 61 01 00 00-5d 03                    ....a...].       |
| 000b - <SPACES/NULS>
+-------------------------------------------------------------------------+
[debug] OpenSSL: read 91/91 bytes from BIO#081F61E8 [mem: 0822C5CB] (BIO 
dump follows)
+-------------------------------------------------------------------------+
| 0000: 41 28 f0 cd bc 39 a5 fc-84 69 d0 67 fa 96 76 92  A(...9...i.g..v. |
| 0010: a7 ab 1a 58 02 07 09 6c-c1 28 26 c7 70 58 c4 d6  ...X...l.(&.pX.. |
| 0020: 20 85 c7 02 24 28 fc c9-d9 df 6e e4 49 40 39 df   ...$(....n.I@9. |
| 0030: e9 44 d9 75 d3 c2 b1 1e-75 0c ae 3d 88 98 1b cc  .D.u....u..=.... |
| 0040: c6 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00  ............d.b. |
| 0050: 03 00 06 00 13 00 12 00-63 01                    ........c.       |
| 005b - <SPACES/NULS>
+-------------------------------------------------------------------------+
[trace] OpenSSL: Loop: SSLv3 read client hello A
[trace] OpenSSL: Loop: SSLv3 write server hello A
[trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[trace] OpenSSL: Loop: SSLv3 write finished A
[debug] OpenSSL: write 146/146 bytes to BIO#081F61E8 [mem: 0823A6E8] (BIO 
dump follows)
+-------------------------------------------------------------------------+
| 0000: 16 03 00 00 4a 02 00 00-46 03 00 41 28 f0 52 ba  ....J...F..A(.R. |
| 0010: 09 87 c8 03 3c c2 58 ab-a6 88 49 51 22 8f 17 c2  ....<.X...IQ"... |
| 0020: 08 64 7e 7a b6 64 e6 53-62 f7 09 20 85 c7 02 24  .d~z.d.Sb.. ...$ |
| 0030: 28 fc c9 d9 df 6e e4 49-40 39 df e9 44 d9 75 d3  (....n.I@9..D.u. |
| 0040: c2 b1 1e 75 0c ae 3d 88-98 1b cc c6 00 04 00 14  ...u..=......... |
| 0050: 03 00 00 01 01 16 03 00-00 38 05 fb 3f d4 b6 f3  .........8..?... |
| 0060: 63 63 d9 ff c4 47 f7 79-53 19 73 ee 5c 1d 9b b7  cc...G.yS.s.\... |
| 0070: 95 f7 6d 25 0e de 87 71-57 95 30 d2 89 e8 9b 5d  ..m%...qW.0....] |
| 0080: d8 f4 57 f0 d3 29 ee 38-fc 3b 54 38 10 65 36 49  ..W..).8.;T8.e6I |
| 0090: 9e fd                                            ..               |
+-------------------------------------------------------------------------+
[trace] OpenSSL: Loop: SSLv3 flush data
[debug] OpenSSL: read 5/5 bytes from BIO#081F61E8 [mem: 0822C5C0] (BIO dump 
follows)
+-------------------------------------------------------------------------+
| 0000: 14 03 00 00 01                                   .....            |
+-------------------------------------------------------------------------+
[debug] OpenSSL: read 1/1 bytes from BIO#081F61E8 [mem: 0822C5C5] (BIO dump 
follows)
+-------------------------------------------------------------------------+
| 0000: 01                                               .                |
+-------------------------------------------------------------------------+
[debug] OpenSSL: read 5/5 bytes from BIO#081F61E8 [mem: 0822C5C0] (BIO dump 
follows)
+-------------------------------------------------------------------------+
| 0000: 16 03 00 00 38                                   ....8            |
+-------------------------------------------------------------------------+
[debug] OpenSSL: read 56/56 bytes from BIO#081F61E8 [mem: 0822C5C5] (BIO 
dump follows)
+-------------------------------------------------------------------------+
| 0000: df 9c 75 13 0f 2d c3 eb-59 36 d2 c5 f0 70 50 4c  ..u..-..Y6...pPL |
| 0010: 61 a5 16 22 5e 96 78 90-a6 35 5b a1 6b bb 6b 83  a.."^.x..5[.k.k. |
| 0020: 19 4d c9 bf 5f fa ae bd-21 51 c8 27 78 0d f4 95  .M.._...!Q.'x... |
| 0030: f1 84 b3 08 74 1e 3c 07-                         ....t.<.         |
+-------------------------------------------------------------------------+
[trace] OpenSSL: Loop: SSLv3 read finished A
[trace] OpenSSL: Handshake: done
[info]  Connection: Client IP: 82.182.41.132, Protocol: SSLv3, Cipher: 
RC4-MD5 (128/128 bits)
[debug] OpenSSL: read 0/34821 bytes from BIO#081F61E8 [mem: 0822C5C0] (BIO 
dump follows)
+-------------------------------------------------------------------------+
+-------------------------------------------------------------------------+
[debug] OpenSSL: write 23/23 bytes to BIO#081F61E8 [mem: 08234DD0] (BIO dump 
follows)
+-------------------------------------------------------------------------+
| 0000: 15 03 00 00 12 09 13 53-72 9f 3a 23 0e ba 65 c8  .......Sr.:#..e. |
| 0010: a7 7e 88 83 fb 02 46                             .~....F          |
+-------------------------------------------------------------------------+
[trace] OpenSSL: Write: SSL negotiation finished successfully
[info]  Connection to child 0 closed with standard shutdown (server 
tjatte.tjatter.se:443, client 82.182.41.132)
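
Added example, not part of the original post: a small classifier for the leading bytes of a connection on an HTTPS port, run over byte sequences copied from the hex dumps above. The names `classify` and `SAMPLES` are illustrative; it shows that the 7 bytes `s_client` read back are printable text rather than an SSL/TLS record, while the bytes in the mod_ssl log are well-formed SSLv3 record headers.

```python
# Added example: decode the first bytes exchanged on an HTTPS port.
# The byte strings in SAMPLES are copied from the dumps in the post.
import string

RECORD_TYPES = {20: "change_cipher_spec", 21: "alert",
                22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
PRINTABLE = set(string.printable.encode())


def classify(data: bytes) -> dict:
    """Describe what kind of traffic starts with `data`."""
    # SSLv3/TLS record header: type(1) major(1) minor(1) length(2, big-endian)
    if len(data) >= 5 and data[0] in RECORD_TYPES and data[1] == 3:
        return {"kind": "tls_record",
                "type": RECORD_TYPES[data[0]],
                "version": VERSIONS.get((data[1], data[2]), "unknown"),
                "length": int.from_bytes(data[3:5], "big")}
    # SSLv2 two-byte header (high bit set), then message type 1 = CLIENT-HELLO
    # followed by the highest version the client offers
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 1:
        return {"kind": "sslv2_client_hello",
                "version": VERSIONS.get((data[3], data[4]), "unknown"),
                "length": ((data[0] & 0x7F) << 8) | data[1]}
    # Purely printable bytes are not an SSL/TLS record at all
    if data and all(b in PRINTABLE for b in data):
        return {"kind": "plaintext", "text": data.decode("ascii")}
    return {"kind": "unknown"}


SAMPLES = {
    "s_client wrote": bytes.fromhex("808c010301"),      # 142-byte client hello
    "s_client read": bytes.fromhex("3c21444f435459"),   # the 7-byte reply
    "mod_ssl read": bytes.fromhex("1603000061"),        # browser's client hello
    "mod_ssl read ccs": bytes.fromhex("1403000001"),
    "mod_ssl wrote": bytes.fromhex("1503000012"),       # 23-byte final write
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label:17} {raw.hex(' '):21} {classify(raw)}")
```

The record lengths agree with the byte counts in the logs: 2 + 140 = 142 bytes written by `s_client`, 5 + 97 = 102 = 11 + 91 bytes read by mod_ssl, and 5 + 18 = 23 bytes in its final write.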
