You are viewing a plain text version of this content. The canonical link for it is here.
Posted to bugs@httpd.apache.org by bu...@apache.org on 2012/07/27 14:48:05 UTC
[Bug 53612] New: Reverse Proxy causing 500 error SSL proxy 1.0.1c
OpenSSL
https://issues.apache.org/bugzilla/show_bug.cgi?id=53612
Priority: P2
Bug ID: 53612
Assignee: bugs@httpd.apache.org
Summary: Reverse Proxy causing 500 error SSL proxy 1.0.1c
OpenSSL
Severity: normal
Classification: Unclassified
Reporter: gibsonb@imsweb.com
Hardware: PC
Status: NEW
Version: 2.2.22
Component: mod_ssl
Product: Apache httpd-2
It seems that my configs work perfectly fine using the same build of Apache
(same options and version 2.2.22) with OpenSSL 0.9.8r. However when I rebuild
Apache using OpenSSL 1.0.1c my reverse proxy to a Windows server starts to
fail. I see 500 errors in my error logs in Apache and in Windows. I'm using
the same httpd.conf files, and it's as easy as switching back to the older
binary and then it works fine again.
Any other operation I use OpenSSL for however seems to work just fine.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53612] Reverse Proxy causing 500 error SSL proxy 1.0.1c OpenSSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53612
--- Comment #2 from gibsonb@imsweb.com ---
Not sure exactly what you mean, but I will post the configurations I'm using
for the vhost:
<VirtualHost server:443>
ServerName arcgisproxy01dev
SSLEngine on
SSLProxyEngine on
SSLCertificateChainFile chain.crt
SSLCertificateFile site.crt
SSLCertificateKeyFile site.key
SSLOptions +StdEnvVars
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
SetEnv proxy-initial-not-pooled 1
RewriteEngine on
RewriteCond %{HTTP_HOST} !^arcgisproxy01dev [nocase]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/(.*) https://arcgisproxy01dev/$1 [redirect,last]
ProxyRequests off
# arcgis instance
ProxyPassMatch (?i)^/arcgis/services(.*)$
https://arcgis01dev/arcgis/services/$1
ProxyPassReverse /arcgis/services https://arcgis01dev/arcgis/services
ProxyPassMatch (?i)^/arcgis/rest(.*)$ https://arcgis01dev/arcgis/rest/$1
ProxyPassReverse /arcgis/rest https://arcgis01dev/arcgis/rest
ProxyPassMatch (?i)^/arcgis/sdk/rest(.*)$
https://arcgis01dev/arcgis/sdk/rest/$1
ProxyPassReverse /arcgis/sdk/rest https://arcgis01dev/arcgis/sdk/rest
ProxyPassMatch (?i)^/arcgis/tokens(.*)$ https://arcgis01dev/arcgis/tokens/$1
ProxyPassReverse /arcgis/tokens https://arcgis01dev/arcgis/tokens
ProxyPassMatch (?i)^/arcgis/server/proxyoutput/(.*)$
https://arcgis01dev/proxyoutput/$1
ProxyPassReverse /arcgis/server/proxyoutput/ https://arcgis01dev/proxyoutput/
ProxyPassMatch (?i)^/arcgis/server/proxycache/(.*)$
https://arcgis01dev/proxycache/$1
ProxyPassReverse /arcgis/server/proxycache/ https://arcgis01dev/proxycache/
ProxyPassMatch (?i)^/arcgis/server/proxyjobs/(.*)$
https://arcgis01dev/proxyjobs/$1
ProxyPassReverse /arcgis/server/proxyjobs/ https://arcgis01dev/proxyjobs
# public instance
ProxyPassMatch (?i)^/public/services(.*)$
https://arcgis01dev/public/services/$1
ProxyPassReverse /public/services https://arcgis01dev/public/services
ProxyPassMatch (?i)^/public/rest(.*)$ https://arcgis01dev/public/rest/$1
ProxyPassReverse /public/rest https://arcgis01dev/public/rest
ProxyPassMatch (?i)^/public/sdk/rest(.*)$
https://arcgis01dev/public/sdk/rest/$1
ProxyPassReverse /public/sdk/rest https://arcgis01dev/public/sdk/rest
ProxyPassMatch (?i)^/public/tokens(.*)$ https://arcgis01dev/public/tokens/$1
ProxyPassReverse /public/tokens https://arcgis01dev/public/tokens
ProxyPassMatch (?i)^/public/server/proxyoutput/(.*)$
https://arcgis01dev/proxyoutput/$1
ProxyPassReverse /public/server/proxyoutput/ https://arcgis01dev/proxyoutput/
ProxyPassMatch (?i)^/public/server/proxycache/(.*)$
https://arcgis01dev/proxycache/$1
ProxyPassReverse /public/server/proxycache/ https://arcgis01dev/proxycache/
ProxyPassMatch (?i)^/public/server/proxyjobs/(.*)$
https://arcgis01dev/proxyjobs/$1
ProxyPassReverse /public/server/proxyjobs/ https://arcgis01dev/proxyjobs
DocumentRoot /prj/web/arcgisproxy01dev/htdocs
<Directory /prj/web/arcgisproxy01dev/htdocs>
Options FollowSymLinks Includes
AllowOverride All
Order allow,deny
Allow from all
SSL</Directory>
ScriptAlias /cgi-bin/ /prj/web/arcgisproxy01dev/cgi-bin/
<Directory /prj/web/arcgisproxy01dev/cgi-bin>
AllowOverride AuthConfig Limit
Options None
Order allow,deny
Allow from all
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
</Directory>
ErrorLog ssl_error_log
CustomLog ssl_access_log combined
</VirtualHost>
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53612] Reverse Proxy causing 500 error SSL proxy 1.0.1c OpenSSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53612
--- Comment #3 from Eric Covener <co...@gmail.com> ---
presumably there's a new SSL behavior over the wire, you'll have to capture it
with e.g. ssldump and provide loglevel debug that corresponds to it
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53612] Reverse Proxy causing 500 error SSL proxy 1.0.1c OpenSSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53612
Eric Covener <co...@gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |NEEDINFO
OS| |All
--- Comment #1 from Eric Covener <co...@gmail.com> ---
you'll have to provide some details of the SSL connection between the two
servers if you want it looked at as a bug in Apache.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org
[Bug 53612] Reverse Proxy causing 500 error SSL proxy 1.0.1c OpenSSL
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=53612
--- Comment #4 from Rainer Jung <ra...@kippdata.de> ---
Shootin from the hip: Could it be
http://rt.openssl.org/index.html?q=2811
which was fixed after the OpenSSL 1.0.1c release in
http://cvs.openssl.org/chngview?cn=22565
Regards,
Rainer
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org