Package: Apache2 Version: 2.0.52-3 Severity: important
I'm a rank beginner with configuring Apache2 for SSL, and there's not much documentation to go by, so I can't rule out operator error. :-, But I think I've confirmed something someone else was seeing (more on this later). I've enabled SSL for Apache2 according to the following instructions: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267477 (with some tips from http://www.ilovett.com/blog/archives/2004/10/21/installing-ssl-on-debian-apache2/ ) When I try to connect to my webserver via https, I get a 302 error in the access log: 127.0.0.1 - - [25/Nov/2004:23:47:23 -0600] "\x16\x03\x01" 302 415 "-" "-" 127.0.0.1 - - [26/Nov/2004:00:23:09 -0600] "\x80\x8c\x01\x03\x01" 302 415 "-" "-" 192.168.0.95 - - [26/Nov/2004:00:25:23 -0600] "\x80g\x01\x03" 302 415 "-" "-" 192.168.0.95 - - [26/Nov/2004:00:31:28 -0600] "\x80g\x01\x03" 302 415 "-" "-" (etc.) Nothing in the error log. Mozilla says "The connection to (the server) has terminated unexpectedly. Some data may have been transferred." lynx says: Looking up localhost Making HTTPS connection to localhost Retrying connection without TLS. Looking up localhost Making HTTPS connection to localhost Alert!: Unable to make secure connection to remote host. lynx: Can't access startfile https://localhost/ I found someone else seeing this, he posted this in the debian-user listserver, see http://lists.debian.org/debian-user/2004/09/msg00604.html My output from openssl: sproathome:/etc/apache2# openssl s_client -connect localhost:443 -state -debug CONNECTED(00000003) SSL_connect:before/connect initialization write to 080B06E8 [080B0CE8] (142 bytes => 142 (0x8E)) 0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9.. 0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............ 0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.....f. 0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .............c.. 0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...........@ 0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`....... 0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 54 96 ..............T. 0070 - 6b bf e8 43 b4 d5 54 f9-59 f5 ca 22 9e 84 8b b4 k..C..T.Y..".... 0080 - 4c 60 ba c4 ec 47 95 8d-4a 87 ee d7 36 50 L`...G..J...6P SSL_connect:SSLv2/v3 write client hello A read from 080B06E8 [080B6248] (7 bytes => 7 (0x7)) 0000 - 3c 21 44 4f 43 54 59 <!DOCTY SSL_connect:error in SSLv2/v3 read server hello A 2359:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475: Cheers, - jsproat -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (500, 'testing') Architecture: i386 (i586) Kernel: Linux 2.4.27-1-386 Locale: LANG=en_US, LC_CTYPE=en_US Versions of packages Apache2 depends on: ii apache2-mpm-prefork 2.0.52-3 Traditional model for Apache2 -- no debconf information
