You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by Aubrey Li <au...@gmail.com> on 2012/03/15 16:43:58 UTC
[users@httpd] [RHEL6.2] SSL handshake failure
Hi,
I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a client
to create a connection to httpd but received a handshake failure report.
how I built httpd-2.2.22
=======================
./configure --enable-ssl --enable-so --with-mpm=worker --prefix=$BENCH/apache2
I created a self-signed key, and put under $BENCH/apache2/conf/
=======================
openssl req -new -x509 -nodes -out server.crt -keyout server.key
I attached the output of "openssl s_client -connect webserver:443 -state -debug"
When I connect the client to the server(RHEL6.2), there is no
access_log, no err_log,
nothing added in /var/log/messages, it's very weird.
Any help are highly appreciated!
Thanks,
-Aubrey
Re: [users@httpd] [RHEL6.2] SSL handshake failure
Posted by Aubrey Li <au...@gmail.com>.
Thanks a ton, Igor!
I copied SSLCiperSuite in the conf file of httpd_2.2.21, and it works!
Cheers,
-Aubrey
#SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
On Mon, Mar 19, 2012 at 5:50 AM, Igor Cicimov <ic...@gmail.com> wrote:
> "[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_ HELLO:no shared cipher Too
> restrictive SSLCipherSuite or using DSA server certificate?"
>
> Check the SSLCipherSuite directive in your SSL host as the error says it
> might be too restrictive. Try adding more options.
>
> On Mar 19, 2012 2:00 AM, "Aubrey Li" <au...@gmail.com> wrote:
>>
>> Here is what I got when I put the loglevel to debug in httpd.conf
>> ===============================================================
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1866): OpenSSL:
>> Handshake: start
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1874): OpenSSL:
>> Loop: before/accept initialization
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
>> read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump
>> follows)
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
>>
>> +-------------------------------------------------------------------------+
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 16
>> 03 00 00 2d 01 00 00-29 03 ....-...). |
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0011 -
>> <SPACES/NULS>
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
>>
>> +-------------------------------------------------------------------------+
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
>> read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump
>> follows)
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
>>
>> +-------------------------------------------------------------------------+
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 4f
>> 66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43 Off..].=M......C |
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0010: 3e
>> 16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f >...{....`Z..F.. |
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0020: 00
>> 00 02 00 04 01 ...... |
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0039 -
>> <SPACES/NULS>
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
>>
>> +-------------------------------------------------------------------------+
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL:
>> Write: SSLv3 read client hello C
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
>> Exit: error in SSLv3 read client hello C
>> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
>> Exit: error in SSLv3 read client hello C
>> [Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] SSL library error
>> 1 in handshake (server www.example.com:443)
>> [Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761
>> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too
>> restrictive SSLCipherSuite or using DSA server certificate?
>> [Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] Connection closed
>> to child 2 with abortive shutdown (server www.example.com:443)
>> ==================================================================
>> quite strange, openssl s_client command can pass the SSL handshake while
>> this java application cannot.
>>
>> openssl version is 0.9.8u
>>
>> Welcome any inputs!
>>
>> Thanks,
>> -Aubrey
>>
>>
>> On Fri, Mar 16, 2012 at 1:50 AM, Mark Montague <ma...@catseye.org> wrote:
>> > On March 15, 2012 13:31 , Aubrey Li <au...@gmail.com> wrote:
>> >>
>> >> Thanks for your reply. here is the output of httpd -V. [...]
>> >>
>> >>
>> >> -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
>> >> -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
>> >> -D DEFAULT_PIDLOG="logs/httpd.pid"
>> >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>> >> -D DEFAULT_ERRORLOG="logs/error_log"
>> >> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>> >> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>> >>
>> >>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I
>> >>>> made a
>> >>>> client
>> >>>> to create a connection to httpd but received a handshake failure
>> >>>> report.
>> >>>>
>> >>>> [...]
>> >>>>
>> >>>> When I connect the client to the server(RHEL6.2), there is no
>> >>>> access_log, no err_log,
>> >>>> nothing added in /var/log/messages, it's very weird.
>> >
>> >
>> > So you are saying that you have a file at
>> > /export/bench/benchmarks/apache2/conf/httpd.conf that contains all of
>> > the
>> > correct directives to configure SSL, logging, and appropriate virtual
>> > hosts?
>> >
>> > And you are saying that no logs are appearing at
>> > /export/bench/benchmarks/apache2/logs/error_log nor at the location that
>> > you
>> > specify in your ErrorLog directive in
>> > /export/bench/benchmarks/apache2/conf/httpd.conf ?
>> >
>> > In this case, what user are you starting httpd as? What are the values
>> > for
>> > the User and Group directives in
>> > /export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and
>> > group
>> > have write access to the place you are telling this version of httpd to
>> > write its error logs?
>> >
>> > Is this system running any Mandatory Access Control system such as
>> > SELinux,
>> > AppArmor, Tomoyo, or grsecurity that could be interferring with what
>> > this
>> > version of httpd is trying to do or where it is trying to do it? If
>> > so,
>> > then check the log files for the Mandatory Access Control system that
>> > you
>> > are running to find out what the problem is.
>> >
>> > Hopefully other people on this list will have additional, and better,
>> > suggestions of things to check.
>> >
>> > --
>> > Mark Montague
>> > mark@catseye.org
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [RHEL6.2] SSL handshake failure
Posted by Igor Cicimov <ic...@gmail.com>.
"[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_ HELLO:no shared cipher Too
restrictive SSLCipherSuite or using DSA server certificate?"
Check the SSLCipherSuite directive in your SSL host as the error says it
might be too restrictive. Try adding more options.
On Mar 19, 2012 2:00 AM, "Aubrey Li" <au...@gmail.com> wrote:
> Here is what I got when I put the loglevel to debug in httpd.conf
> ===============================================================
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1866): OpenSSL:
> Handshake: start
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1874): OpenSSL:
> Loop: before/accept initialization
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
> read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump
> follows)
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
> +-------------------------------------------------------------------------+
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 16
> 03 00 00 2d 01 00 00-29 03 ....-...). |
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0011 -
> <SPACES/NULS>
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
> +-------------------------------------------------------------------------+
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
> read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump
> follows)
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
> +-------------------------------------------------------------------------+
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 4f
> 66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43 Off..].=M......C |
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0010: 3e
> 16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f >...{....`Z..F.. |
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0020: 00
> 00 02 00 04 01 ...... |
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0039 -
> <SPACES/NULS>
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
> +-------------------------------------------------------------------------+
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL:
> Write: SSLv3 read client hello C
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
> Exit: error in SSLv3 read client hello C
> [Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
> Exit: error in SSLv3 read client hello C
> [Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] SSL library error
> 1 in handshake (server www.example.com:443)
> [Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761
> error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too
> restrictive SSLCipherSuite or using DSA server certificate?
> [Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] Connection closed
> to child 2 with abortive shutdown (server www.example.com:443)
> ==================================================================
> quite strange, openssl s_client command can pass the SSL handshake while
> this java application cannot.
>
> openssl version is 0.9.8u
>
> Welcome any inputs!
>
> Thanks,
> -Aubrey
>
>
> On Fri, Mar 16, 2012 at 1:50 AM, Mark Montague <ma...@catseye.org> wrote:
> > On March 15, 2012 13:31 , Aubrey Li <au...@gmail.com> wrote:
> >>
> >> Thanks for your reply. here is the output of httpd -V. [...]
> >>
> >>
> >> -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
> >> -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
> >> -D DEFAULT_PIDLOG="logs/httpd.pid"
> >> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> >> -D DEFAULT_ERRORLOG="logs/error_log"
> >> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> >> -D SERVER_CONFIG_FILE="conf/httpd.conf"
> >>
> >>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I
> made a
> >>>> client
> >>>> to create a connection to httpd but received a handshake failure
> report.
> >>>>
> >>>> [...]
> >>>>
> >>>> When I connect the client to the server(RHEL6.2), there is no
> >>>> access_log, no err_log,
> >>>> nothing added in /var/log/messages, it's very weird.
> >
> >
> > So you are saying that you have a file at
> > /export/bench/benchmarks/apache2/conf/httpd.conf that contains all of the
> > correct directives to configure SSL, logging, and appropriate virtual
> hosts?
> >
> > And you are saying that no logs are appearing at
> > /export/bench/benchmarks/apache2/logs/error_log nor at the location that
> you
> > specify in your ErrorLog directive in
> > /export/bench/benchmarks/apache2/conf/httpd.conf ?
> >
> > In this case, what user are you starting httpd as? What are the values
> for
> > the User and Group directives in
> > /export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and group
> > have write access to the place you are telling this version of httpd to
> > write its error logs?
> >
> > Is this system running any Mandatory Access Control system such as
> SELinux,
> > AppArmor, Tomoyo, or grsecurity that could be interferring with what this
> > version of httpd is trying to do or where it is trying to do it? If so,
> > then check the log files for the Mandatory Access Control system that you
> > are running to find out what the problem is.
> >
> > Hopefully other people on this list will have additional, and better,
> > suggestions of things to check.
> >
> > --
> > Mark Montague
> > mark@catseye.org
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>
>
Re: [users@httpd] [RHEL6.2] SSL handshake failure
Posted by Aubrey Li <au...@gmail.com>.
Here is what I got when I put the loglevel to debug in httpd.conf
===============================================================
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1866): OpenSSL:
Handshake: start
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1874): OpenSSL:
Loop: before/accept initialization
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump
follows)
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
+-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 16
03 00 00 2d 01 00 00-29 03 ....-...). |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0011 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
+-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump
follows)
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
+-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 4f
66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43 Off..].=M......C |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0010: 3e
16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f >...{....`Z..F.. |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0020: 00
00 02 00 04 01 ...... |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0039 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
+-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL:
Write: SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] SSL library error
1 in handshake (server www.example.com:443)
[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too
restrictive SSLCipherSuite or using DSA server certificate?
[Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] Connection closed
to child 2 with abortive shutdown (server www.example.com:443)
==================================================================
quite strange, openssl s_client command can pass the SSL handshake while
this java application cannot.
openssl version is 0.9.8u
Welcome any inputs!
Thanks,
-Aubrey
On Fri, Mar 16, 2012 at 1:50 AM, Mark Montague <ma...@catseye.org> wrote:
> On March 15, 2012 13:31 , Aubrey Li <au...@gmail.com> wrote:
>>
>> Thanks for your reply. here is the output of httpd -V. [...]
>>
>>
>> -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
>> -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
>> -D DEFAULT_PIDLOG="logs/httpd.pid"
>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>> -D DEFAULT_ERRORLOG="logs/error_log"
>> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>
>>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a
>>>> client
>>>> to create a connection to httpd but received a handshake failure report.
>>>>
>>>> [...]
>>>>
>>>> When I connect the client to the server(RHEL6.2), there is no
>>>> access_log, no err_log,
>>>> nothing added in /var/log/messages, it's very weird.
>
>
> So you are saying that you have a file at
> /export/bench/benchmarks/apache2/conf/httpd.conf that contains all of the
> correct directives to configure SSL, logging, and appropriate virtual hosts?
>
> And you are saying that no logs are appearing at
> /export/bench/benchmarks/apache2/logs/error_log nor at the location that you
> specify in your ErrorLog directive in
> /export/bench/benchmarks/apache2/conf/httpd.conf ?
>
> In this case, what user are you starting httpd as? What are the values for
> the User and Group directives in
> /export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and group
> have write access to the place you are telling this version of httpd to
> write its error logs?
>
> Is this system running any Mandatory Access Control system such as SELinux,
> AppArmor, Tomoyo, or grsecurity that could be interferring with what this
> version of httpd is trying to do or where it is trying to do it? If so,
> then check the log files for the Mandatory Access Control system that you
> are running to find out what the problem is.
>
> Hopefully other people on this list will have additional, and better,
> suggestions of things to check.
>
> --
> Mark Montague
> mark@catseye.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [RHEL6.2] SSL handshake failure
Posted by Mark Montague <ma...@catseye.org>.
On March 15, 2012 13:31 , Aubrey Li <au...@gmail.com> wrote:
> Thanks for your reply. here is the output of httpd -V. [...]
>
> -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
> -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
> -D DEFAULT_PIDLOG="logs/httpd.pid"
> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
> -D DEFAULT_ERRORLOG="logs/error_log"
> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>
>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a
>>> client
>>> to create a connection to httpd but received a handshake failure report.
>>>
>>> [...]
>>>
>>> When I connect the client to the server(RHEL6.2), there is no
>>> access_log, no err_log,
>>> nothing added in /var/log/messages, it's very weird.
So you are saying that you have a file at
/export/bench/benchmarks/apache2/conf/httpd.conf that contains all of
the correct directives to configure SSL, logging, and appropriate
virtual hosts?
And you are saying that no logs are appearing at
/export/bench/benchmarks/apache2/logs/error_log nor at the location that
you specify in your ErrorLog directive in
/export/bench/benchmarks/apache2/conf/httpd.conf ?
In this case, what user are you starting httpd as? What are the values
for the User and Group directives in
/export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and
group have write access to the place you are telling this version of
httpd to write its error logs?
Is this system running any Mandatory Access Control system such as
SELinux, AppArmor, Tomoyo, or grsecurity that could be interferring with
what this version of httpd is trying to do or where it is trying to do
it? If so, then check the log files for the Mandatory Access Control
system that you are running to find out what the problem is.
Hopefully other people on this list will have additional, and better,
suggestions of things to check.
--
Mark Montague
mark@catseye.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [RHEL6.2] SSL handshake failure
Posted by Aubrey Li <au...@gmail.com>.
Hi Mark,
Thanks for your reply. here is the output of httpd -V.
Everything looks good.
Please let me know if I can offer more information.
Thanks,
-Aubrey
===================
# ./apachectl restart -V
Server version: Apache/2.4.1 (Unix)
Server built: Mar 16 2012 08:37:57
Server's Module Magic Number: 20120211:0
Server loaded: APR 1.4.6, APR-UTIL 1.4.1
Compiled using: APR 1.4.6, APR-UTIL 1.4.1
Architecture: 64-bit
Server MPM: worker
threaded: yes (fixed thread count)
forked: yes (variable process count)
Server compiled with....
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=256
-D HTTPD_ROOT="/export/bench/benchmarks/apache2"
-D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
-D DEFAULT_PIDLOG="logs/httpd.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="conf/mime.types"
-D SERVER_CONFIG_FILE="conf/httpd.conf"
===============================
On Fri, Mar 16, 2012 at 12:35 AM, Mark Montague <ma...@catseye.org> wrote:
> On March 15, 2012 11:43 , Aubrey Li <au...@gmail.com> wrote:
>>
>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a
>> client
>> to create a connection to httpd but received a handshake failure report.
>>
>> how I built httpd-2.2.22
>> =======================
>> ./configure --enable-ssl --enable-so --with-mpm=worker
>> --prefix=$BENCH/apache2
>>
>> [...]
>>
>>
>> When I connect the client to the server(RHEL6.2), there is no
>> access_log, no err_log,
>> nothing added in /var/log/messages, it's very weird.
>>
>
> Run the httpd that you built with the -V option. What are the values of
> HTTPD_ROOT and SERVER_CONFIG_FILE? Do you actually have a configuration
> file at $HTTPD_ROOT/$SERVER_CONFIG_FILE that configures SSL, access logging,
> and error logging? These things do not happen automatically, and it does
> not look like you provided the arguments to configure to make httpd use the
> special configuration files that the Red Hat provided build of httpd uses.
>
> --
> Mark Montague
> mark@catseye.org
>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
Re: [users@httpd] [RHEL6.2] SSL handshake failure
Posted by Mark Montague <ma...@catseye.org>.
On March 15, 2012 11:43 , Aubrey Li <au...@gmail.com> wrote:
> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a client
> to create a connection to httpd but received a handshake failure report.
>
> how I built httpd-2.2.22
> =======================
> ./configure --enable-ssl --enable-so --with-mpm=worker --prefix=$BENCH/apache2
>
> [...]
>
> When I connect the client to the server(RHEL6.2), there is no
> access_log, no err_log,
> nothing added in /var/log/messages, it's very weird.
>
Run the httpd that you built with the -V option. What are the values of
HTTPD_ROOT and SERVER_CONFIG_FILE? Do you actually have a configuration
file at $HTTPD_ROOT/$SERVER_CONFIG_FILE that configures SSL, access
logging, and error logging? These things do not happen automatically,
and it does not look like you provided the arguments to configure to
make httpd use the special configuration files that the Red Hat provided
build of httpd uses.
--
Mark Montague
mark@catseye.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org