Posted to users@httpd.apache.org by Asif Iqbal <va...@gmail.com> on 2011/04/20 05:27:20 UTC
[users@httpd] failing to access ssl port
I am getting this error while trying to connect to https port. There
is only this log in the error log
http://goo.gl/IeTnV
Here is the error log
[Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection to
child 1 established (server www.example.net:8443)
[Tue Apr 19 22:34:36 2011] [info] Seeding PRNG with 136 bytes of entropy
[Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] (70014)End of
file found: SSL handshake interrupted by system [Hint: Stop button
pressed in browser?!]
[Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection
closed to child 1 with abortive shutdown (server www.example.net:8443)
Here is my apache version
[Tue Apr 19 23:13:32 2011] [info] mod_ssl/2.2.17 compiled against
Server: Apache/2.2.17, Library: OpenSSL/0.9.8e
I am using +sslv3 in the cipher suite as shown in my conf/extra/httpd-ssl.conf
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
openssl ciphers -v
'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL'
shows sslv2 and sslv3 in there
Any suggestion?
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
" from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] failing to access ssl port
Posted by Asif Iqbal <va...@gmail.com>.
On Wed, Apr 20, 2011 at 1:41 PM, Mark Montague <ma...@catseye.org> wrote:
> On April 19, 2011 23:27 , Asif Iqbal <va...@gmail.com> wrote:
>>
>> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection to
>> child 1 established (server www.example.net:8443)
>> [Tue Apr 19 22:34:36 2011] [info] Seeding PRNG with 136 bytes of entropy
>> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] (70014)End of
>> file found: SSL handshake interrupted by system [Hint: Stop button
>> pressed in browser?!]
>> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection
>> closed to child 1 with abortive shutdown (server www.example.net:8443)
>
>> Any suggestion?
>
>
> You can use "openssl s_client" to see what is happening when you try to
> connect to Apache HTTP Server via HTTPS. Hopefully there will be a clue to
> what is causing the problem in the "openssl s_client" output. However, if
CONNECTED(00000004)
depth=0 /C=US/ST=Virginia/L=Arlington/O=MyCompany/OU=IP
Systems/CN=www.example.com/emailAddress=www@example.net
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=US/ST=Virginia/L=Arlington/O=MyCompany/OU=IP
Systems/CN=www.example.com/emailAddress=www@example.net
verify return:1
---
Server certificate
subject=/C=US/ST=Virginia/L=Arlington/O=MyCompany/OU=IP
Systems/CN=www.example.com/emailAddress=www@example.net
issuer=/C=US/ST=Virginia/L=Arlington/O=MyCompany/OU=IP
Systems/CN=www.example.com/emailAddress=www@example.net
---
No client certificate CA names sent
---
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
---
SSL handshake has read 1136 bytes and written 312 bytes
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : SSLv2
Cipher : DES-CBC3-MD5
Session-ID: A6FB6CDFD07F7352644F9517C46BD0E9
Session-ID-ctx:
Master-Key: 650BB947BF1CC0B3DE7F44362D8442BF89F36A8BE38E544F
Key-Arg : 017A547D1D49679A
Start Time: 1303321981
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
> the handshake is successful, then you might have a problem with the web
> browser or your network rather than with Apache HTTP Server.
>
> If "openssl s_client" does not give any clues as to what is happening, add
> "ssl:debug" to the end of your existing LogLevel directive, restart httpd,
> and reproduce the error using your web browser again. More information
> should be logged to the Apache error log this time.
>
> If neither of those work, send us all your SSL configuration directives, not
> just the SSLCipherSuite directive, plus any relevant portions of virtual
> host configuration directives.
>
> --
> Mark Montague
> mark@catseye.org
>
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
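An added example, not part of the original thread: a small Python parser for the "openssl s_client" summary pasted in the message above, reporting what was negotiated and the properties a reviewer would flag. The sample text is constructed from that quoted output; the function names and the 2048-bit threshold are choices made for this example.

```python
import re

# Constructed sample: summary lines of the s_client output quoted above.
SAMPLE = """\
Ciphers common between both SSL endpoints:
RC4-MD5 EXP-RC4-MD5 RC2-CBC-MD5
EXP-RC2-CBC-MD5 DES-CBC-MD5 DES-CBC3-MD5
---
New, SSLv2, Cipher is DES-CBC3-MD5
Server public key is 1024 bit
Secure Renegotiation IS NOT supported
    Protocol  : SSLv2
    Cipher    : DES-CBC3-MD5
    Verify return code: 18 (self signed certificate)
"""

def parse_s_client(text):
    """Pull the handshake summary fields out of s_client output."""
    def grab(pattern, conv=str):
        m = re.search(pattern, text, re.M)
        return conv(m.group(1)) if m else None
    shared = re.search(r"^Ciphers common between both SSL endpoints:\n(.*?)^---", text, re.M | re.S)
    return {
        "protocol": grab(r"^\s*Protocol\s*:\s*(\S+)"),
        "cipher": grab(r"^\s*Cipher\s*:\s*(\S+)"),
        "key_bits": grab(r"^Server public key is (\d+) bit", int),
        "verify_code": grab(r"^\s*Verify return code: (\d+)", int),
        "secure_reneg": grab(r"^Secure Renegotiation (IS(?: NOT)?) supported"),
        "shared": shared.group(1).split() if shared else [],
    }

def findings(info):
    """Return the session properties a reviewer would flag (missing fields are skipped)."""
    out = []
    if info["protocol"] in ("SSLv2", "SSLv3"):
        out.append("deprecated protocol negotiated: " + info["protocol"])
    export = [c for c in info["shared"] if c.startswith("EXP-")]
    if export:
        out.append("export-grade ciphers in common: " + ", ".join(export))
    if info["key_bits"] is not None and info["key_bits"] < 2048:  # assumed threshold
        out.append("server key is only %d bits" % info["key_bits"])
    if info["secure_reneg"] == "IS NOT":
        out.append("secure renegotiation not supported")
    if info["verify_code"] not in (None, 0):
        out.append("certificate did not verify (code %d)" % info["verify_code"])
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_s_client(SAMPLE))))
```

Comparing the reported protocol with what the failing client supports is the next step; the parser only reports what this particular s_client run negotiated.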
Re: [users@httpd] failing to access ssl port
Posted by Mark Montague <ma...@catseye.org>.
On April 19, 2011 23:27 , Asif Iqbal <va...@gmail.com> wrote:
> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection to
> child 1 established (server www.example.net:8443)
> [Tue Apr 19 22:34:36 2011] [info] Seeding PRNG with 136 bytes of entropy
> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] (70014)End of
> file found: SSL handshake interrupted by system [Hint: Stop button
> pressed in browser?!]
> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection
> closed to child 1 with abortive shutdown (server www.example.net:8443)
> Any suggestion?
You can use "openssl s_client" to see what is happening when you try to
connect to Apache HTTP Server via HTTPS. Hopefully there will be a clue
to what is causing the problem in the "openssl s_client" output.
However, if the handshake is successful, then you might have a problem
with the web browser or your network rather than with Apache HTTP Server.
If "openssl s_client" does not give any clues as to what is happening,
add "ssl:debug" to the end of your existing LogLevel directive, restart
httpd, and reproduce the error using your web browser again. More
information should be logged to the Apache error log this time.
If neither of those work, send us all your SSL configuration directives,
not just the SSLCipherSuite directive, plus any relevant portions of
virtual host configuration directives.
--
Mark Montague
mark@catseye.org
[users@httpd] Re: failing to access ssl port
Posted by Asif Iqbal <va...@gmail.com>.
On Tue, Apr 19, 2011 at 11:27 PM, Asif Iqbal <va...@gmail.com> wrote:
> I am getting this error while trying to connect to https port. There
> is only this log in the error log
>
> http://goo.gl/IeTnV
>
> Here is the error log
>
> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection to
> child 1 established (server www.example.net:8443)
> [Tue Apr 19 22:34:36 2011] [info] Seeding PRNG with 136 bytes of entropy
> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] (70014)End of
> file found: SSL handshake interrupted by system [Hint: Stop button
> pressed in browser?!]
> [Tue Apr 19 22:34:36 2011] [info] [client 192.168.0.248] Connection
> closed to child 1 with abortive shutdown (server www.example.net:8443)
>
> Here is my apache version
>
> [Tue Apr 19 23:13:32 2011] [info] mod_ssl/2.2.17 compiled against
> Server: Apache/2.2.17, Library: OpenSSL/0.9.8e
>
> I am using +sslv3 in the cipher suite as shown in my conf/extra/httpd-ssl.conf
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
>
> openssl ciphers -v
> 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL'
> shows sslv2 and sslv3 in there
>
> Any suggestion?
If I take the same certificate and start openssl s_server like below
openssl s_server -cert conf/server.crt -key conf/server.key -port 8443
and then try to connect to it from the same FF browser, I do get the usual
"This Connection is Untrusted.."
That is what I expected when apache2 was running.
So obviously apache2 is not configured to handle requests like openssl
s_server can.
>
> --
> Asif Iqbal
> PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
> A: Because it messes up the order in which people normally read text.
> Q: Why is top-posting such a bad thing?
>
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?