Posted to users@httpd.apache.org by IT Professional <zh...@yahoo.com.sg> on 2006/11/07 10:15:39 UTC

[users@httpd] Loading certificate and private key of SSL-aware server occurred 4 times in a row

I've successfully built Apache 2.2.3 with OpenSSL 0.9.9[dev] and generated the ECC cert using curve secp521r1. 
When I tried with openssl s_server, my client (Firefox) could browse to my site running on ECC cert successfully. 
But when I use my client to connect to my apache web server via 443, my client is getting the error 'Firefox can't connect securely to localhost because the site uses a security protocol which isn't enabled'. 

Interestingly the loading of cert actually occurred 4 times. Is this normal?

I've applied the fixes in bug 40132 to expose ECC cipher suites too. 

This is the latest log I've got when I set the log level to debug. 
[Tue Nov 07 10:18:25 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:25 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:27 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:27 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:27 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:27 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:28 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:28 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:29 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:29 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:29 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:29 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:30 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:30 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:31 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:31 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:33 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:33 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:33 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:33 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:38 2006] [info] [client 127.0.0.1] Connection to child 249 established (server www.example.com:443) 
[Tue Nov 07 10:18:38 2006] [info] Seeding PRNG with 144 bytes of entropy 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1780): OpenSSL: Handshake: start 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1788): OpenSSL: Loop: before/accept initialization 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#53c8f8 [mem: 5d0010] (BIO dump follows) 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0000: 80 6d 01 03 00 00 54 00-00 00 10 .m....T.... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 100/100 bytes from BIO#53c8f8 [mem: 5d001b] (BIO dump follows) 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0000: 00 c0 0a 00 c0 14 00 00-39 00 00 38 00 c0 0f 00 ........9..8.... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0010: c0 05 00 00 35 00 c0 07-00 c0 09 00 c0 11 00 c0 ....5........... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0020: 13 00 00 33 00 00 32 00-c0 0c 00 c0 0e 00 c0 02 ...3..2......... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0030: 00 c0 04 00 00 04 00 00-05 00 00 2f 00 c0 08 00 .........../.... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0040: c0 12 00 00 16 00 00 13-00 c0 0d 00 c0 03 00 fe ................ | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0050: ff 00 00 0a 5b 50 b2 e9-25 9a 13 c4 60 5f 86 5e ....[P..%...`_.^ | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0060: 9e 50 2c d8 .P,. | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1798): OpenSSL: Write: SSLv3 read client hello B 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1817): OpenSSL: Exit: error in SSLv3 read client hello B 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1817): OpenSSL: Exit: error in SSLv3 read client hello B 
[Tue Nov 07 10:18:38 2006] [info] [client 127.0.0.1] SSL library error 1 in handshake (server www.example.com:443) 
[Tue Nov 07 10:18:38 2006] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate? 
[Tue Nov 07 10:18:38 2006] [info] [client 127.0.0.1] Connection closed to child 249 with abortive shutdown (server www.example.com:443) 

Interestingly the loading of cert actually occurred 4 times. Is this normal?


	


	
		
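Added example (not part of the original post, and not mod_ssl or OpenSSL code): the two BIO dumps in the log above form one SSLv2-format ClientHello, and decoding its cipher specs shows which suites the client offered before the server logged "no shared cipher". The function names are illustrative, and the family lookup assumes the RFC 4492 code-point layout for ECC suites.

```python
import struct
from collections import Counter

# Bytes copied from the two BIO dumps in the log above: the 11-byte read,
# then the 100-byte read (ASCII column dropped).
HELLO = bytes.fromhex("""
80 6d 01 03 00 00 54 00 00 00 10
00 c0 0a 00 c0 14 00 00 39 00 00 38 00 c0 0f 00
c0 05 00 00 35 00 c0 07 00 c0 09 00 c0 11 00 c0
13 00 00 33 00 00 32 00 c0 0c 00 c0 0e 00 c0 02
00 c0 04 00 00 04 00 00 05 00 00 2f 00 c0 08 00
c0 12 00 00 16 00 00 13 00 c0 0d 00 c0 03 00 fe
ff 00 00 0a 5b 50 b2 e9 25 9a 13 c4 60 5f 86 5e
9e 50 2c d8
""")

# RFC 4492 numbers its ECC suites 0xC001-0xC019, five per key-exchange family.
ECC_FAMILIES = ("ECDH_ECDSA", "ECDHE_ECDSA", "ECDH_RSA", "ECDHE_RSA", "ECDH_anon")

def family(code):
    if 0xC001 <= code <= 0xC019:
        return ECC_FAMILIES[(code - 0xC001) // 5]
    return "non-ECC"

def parse_v2_client_hello(data):
    """Parse an SSLv2-format CLIENT-HELLO; this format has no extensions block."""
    if len(data) < 11 or not data[0] & 0x80:
        raise ValueError("not a 2-byte SSLv2 record header")
    rec_len = ((data[0] & 0x7F) << 8) | data[1]
    msg_type, major, minor, spec_len, sid_len, chal_len = struct.unpack_from(">BBBHHH", data, 2)
    if msg_type != 1:
        raise ValueError("not a CLIENT-HELLO")
    if rec_len != len(data) - 2 or spec_len % 3 or 9 + spec_len + sid_len + chal_len != rec_len:
        raise ValueError("length fields are inconsistent")
    specs = data[11:11 + spec_len]
    # Each cipher spec is 3 bytes; a leading 0x00 marks an SSLv3/TLS suite code.
    suites = [int.from_bytes(specs[i + 1:i + 3], "big")
              for i in range(0, spec_len, 3) if specs[i] == 0]
    challenge = data[11 + spec_len + sid_len:]
    return {"version": (major, minor), "suites": suites, "challenge": challenge}

def offered_by_family(data):
    return Counter(family(c) for c in parse_v2_client_hello(data)["suites"])

if __name__ == "__main__":
    hello = parse_v2_client_hello(HELLO)
    print("client version:", hello["version"], "suites:", len(hello["suites"]))
    for code in hello["suites"]:
        print(f"  0x{code:04X}  {family(code)}")
```

The decoded list can be compared with what the server build actually enables for the configured SSLCipherSuite string, for example with `openssl ciphers -v` run against the same OpenSSL the server was linked with.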