DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16333>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16333 SSL Handshake problem Summary: SSL Handshake problem Product: Apache httpd-2.0 Version: 2.0.44 Platform: Sun OS/Version: Solaris Status: NEW Severity: Blocker Priority: Other Component: mod_ssl AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] Hello, I just installed Apache 2.0.44 to test it against my currently running 2.0.43, and I have a problem with my SSL websites. The 2 configs are exactly the same, but with 2.0.44, I have this in the error.log : (starting apache, everything seems OK...) [Wed Jan 22 15:43:59 2003] [info] Loading certificate & private key of SSL-aware server [Wed Jan 22 15:43:59 2003] [debug] ssl_engine_pphrase.c(493): unencrypted RSA private key - pass phrase not required [Wed Jan 22 15:44:00 2003] [info] Configuring server for SSL protocol [Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(436): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH :+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(695): Configuring server certificate chain (0 CA certificates) [Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(739): Configuring RSA server certificate [Wed Jan 22 15:44:00 2003] [debug] ssl_engine_init.c(778): Configuring RSA server private key [Wed Jan 22 15:44:00 2003] [info] Loading certificate & private key of SSL-aware server [Wed Jan 22 15:44:00 2003] [debug] ssl_engine_pphrase.c(493): unencrypted RSA private key - pass phrase not required [Wed Jan 22 15:44:03 2003] [info] Configuring server for SSL protocol [Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(436): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(611): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH :+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] [Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(695): Configuring server certificate chain (0 CA certificates) [Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(739): Configuring RSA server certificate [Wed Jan 22 15:44:03 2003] [debug] ssl_engine_init.c(778): Configuring RSA server private key (Trying a request... error !) [Wed Jan 22 15:49:24 2003] [info] Connection to child 66 established (server www.gfasante.proto.generali.fr:443, client 172.30 .220.24) [Wed Jan 22 15:49:24 2003] [info] Seeding PRNG with 144 bytes of entropy [Wed Jan 22 15:49:24 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start [Wed Jan 22 15:49:24 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept initialization [Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11 bytes from BIO#1004f8850 [mem: 1004fe060] (BIO du mp follows) [Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1424): +------------------------------------------------------------------- ------+ [Wed Jan 22 15:49:40 2003] [debug] ssl_engine_io.c(1455): +------------------------------------------------------------------- ------+ [Wed Jan 22 15:49:40 2003] [info] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] [Wed Jan 22 15:49:40 2003] [info] Connection to child 66 closed with abortive shutdown(server www.gfasante.proto.generali.fr:4 43, client 172.30.220.24) [Wed Jan 22 15:51:14 2003] [info] Connection to child 4 established (server www.gfasante.proto.generali.fr:443, client 172.30. 220.24) [Wed Jan 22 15:51:14 2003] [info] Seeding PRNG with 144 bytes of entropy [Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1758): OpenSSL: Handshake: start [Wed Jan 22 15:51:14 2003] [debug] ssl_engine_kernel.c(1766): OpenSSL: Loop: before/accept initialization [Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1477): OpenSSL: read 0/11 bytes from BIO#100500890 [mem: 1005060a0] (BIO du mp follows) [Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1424): +------------------------------------------------------------------- ------+ [Wed Jan 22 15:51:28 2003] [debug] ssl_engine_io.c(1455): +------------------------------------------------------------------- ------+ [Wed Jan 22 15:51:28 2003] [info] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] [Wed Jan 22 15:51:28 2003] [info] Connection to child 4 closed with abortive shutdown(server www.gfasante.proto.generali.fr:44 3, client 172.30.220.24) Is there a specific openssl version required ? We are using openssl 0.9.6g. Apache compilation : CFLAGS="-m64" ./configure --prefix=/usr/local/www/prod \ --localstatedir=/var/log/www/prod --disable-charset-lite --disable-include \ --disable-autoindex --disable-asis --disable-cgi --disable-cgid \ --disable-negotiation --disable-dir --disable-imap --disable-actions \ --disable-userdir --enable-proxy --enable-ssl --enable-rewrite \ --with-mpm=worker -�with-ssl=/usr/local/ssl Apache SSL conf : AddType application/x-x509-ca-cert .crt AddType application/x-pkcs7-crl .crl SSLPassPhraseDialog builtin SSLSessionCache dbm:/var/log/www/proto/run/ssl_scache SSLSessionCacheTimeout 300 SSLMutex file:/var/log/www/proto/run/ssl_mutex SSLRandomSeed startup builtin SSLRandomSeed connect builtin SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /usr/local/www/proto/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/www/proto/conf/ssl.key/server.key SSLCertificateChainFile /usr/local/www/proto/conf/ssl.crt/verisign.crt CustomLog /var/log/www/proto/logs/ssl_request.log \ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b" Can you help me please ? Thanks a lot ! Thomas. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
