[Bug 62232] New: AH01962: Unable to create a new SSL connection from the SSL context for proxy connections

Thu, 29 Mar 2018 08:48:06 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=62232

            Bug ID: 62232
           Summary: AH01962: Unable to create a new SSL connection from
                    the SSL context for proxy connections
           Product: Apache httpd-2
           Version: 2.4.32
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P2
         Component: mod_ssl
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

We are seeing the following messages for proxy connections to backend servers
after upgrading from apache 2.4.29 to apache 2.4.32 (the one not formally
announced).

[Thu Mar 29 17:38:52.213263 2018] [ssl:error] [pid 35774:tid 139793802262272]
[remote 10.198.2.44:11472] AH01962: Unable to create a new SSL connection from
the SSL context
[Thu Mar 29 17:38:52.213299 2018] [ssl:error] [pid 35774:tid 139793802262272]
SSL Library Error: error:140BA0C3:SSL routines:SSL_new:null ssl ctx

Here's the SSL-specific config..

    193021: <VirtualHost 10.216.21.20:13595>
    193037:   SSLEngine on
    193038:   SSLProtocol ALL -SSLv2 -SSLv3
    193040:   SSLHonorCipherOrder on
    193044:   SSLCipherSuite
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:OLD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH-RC4:RSA-RC4!MD5
    193045:   SSLCompression off
    193047:   SSLCertificateKeyFile /somepath/ssl/ssl.key
    193048:   SSLCertificateFile /somepath/ssl/ssl.cert
    193049:   SSLCACertificateFile /somepath/ssl/ssl.ca
    193050:   SSLProxyCheckPeerName off
    193053:   <FilesMatch "\.(cgi|shtml|pl|phtml|php3?)$">
    193054:     SSLOptions +StdEnvVars
        :   </FilesMatch>
    193247:   SSLProxyProtocol TLSv1 -SSLv2 -SSLv3
    193251:   SSLVerifyClient require
    193252:   SSLVerifyDepth 2
    193253:   SSLCACertificateFile /somepath/ssl/ssl.ca
    193254:   <Location "/">
    193255:     SSLRequire ((%{SSL_CLIENT_I_DN_OU} eq "AAA") and
(%{SSL_CLIENT_S_DN_O} eq "BBB")) or ((%{SSL_CLIENT_I_DN_OU} eq "CCC") and
(%{SSL_CLIENT_S_DN_O} eq "DDD"))
        :   </Location>
        : </VirtualHost>

I suspect some of the SSLProxy changes between .29 and .32 are contributing but
can't decide what  exactly.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to