[Bug 44503] New: Errors during SSL handshake

Wed, 27 Feb 2008 18:10:44 -0800 

https://issues.apache.org/bugzilla/show_bug.cgi?id=44503

           Summary: Errors during SSL handshake
           Product: Apache httpd-2
           Version: 2.2.4
          Platform: Sun
        OS/Version: OpenBSD
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: mod_ssl
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


I have installed a standard apache 2.2.4 package on OpenBSD 4.2, and have found
a major problem.

I set up 4 virtual hosts on the same IP address:
*.80 -> no ssl
XXX.XXX.XXX.XXX:443 -> SSL enabled
XXX.XXX.XXX.XXX:40002 -> SSL enabled
XXX.XXX.XXX.XXX:40003 -> SSL enabled
All 3 have been configured correctly to use SSL, and each one uses its own
dummy SSL certificate.

The server starts fine, and all 3 virtual hosts work as expected. Testing each
one individually on a web browser shows that they all work fine.
However, after a period of time under a moderate load the 3rd SSL site starts
to have great difficulty figuring out which host it's supposed to be using, and
ends up dropping out of SSL to the default virtual host on port 80. But this
seems to happen AFTER the browser has already established the initial handshake
with SSL.

This results in errors similar to the following in the default host's error
log: 
[Tue Feb 26 16:35:00 2008] [error] [client XXX.XXX.XXX.XXX] Invalid method in
request \x16\x03\x01
The SSL virtual host shows no errors, even with the LogLevel set to debug.
The web browser comes up with an error message: "Unrecognized SSL message,
plaintext connection?"

If i disable all SSL virtual hosts and enable each one individually i get no
errors, even under a heavy load, so the configuration seems to be fine. There
just seems to be a major problem with the mod_ssl module making it unable to
handle more than one SSL host for very long.


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to