I am using a RedHat 7.2 with
Server Version: Apache/1.3.22 (Unix) PHP/4.0.6 mod_perl/1.26 mod_ssl/2.8.5
OpenSSL/0.9.6b
For at least a year we have been getting complaints about people getting "Page cannot
be displayed" when using IE. We have tried
disabling certain ciphers, and disabling keep alive to no avail.
I have read MANY openssl, modssl and apache suggestions on how to prevent this problem
and none have worked.
When I turn on trace for the cipher engine I received
[17/Dec/2001 15:33:08 11905] [info] Connection to child 6 established (server
www.cartmanager.net:443, client 66.91.21.92)
[17/Dec/2001 15:33:08 11905] [info] Seeding PRNG with 2184 bytes of entropy
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Handshake: start
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: before/accept initialization
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: read 11/11 bytes from BIO#092E12D8 [mem:
09A1F068] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: read 43/43 bytes from BIO#092E12D8 [mem:
09A1F073] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 read client hello A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 write server hello A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 write certificate A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 write server done A
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: write 712/712 bytes to BIO#092E12D8
[mem: 099E78B0] (BIO dump follows)
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Loop: SSLv3 flush data
[17/Dec/2001 15:33:08 11905] [debug] OpenSSL: I/O error, 5 bytes expected to read on
BIO#092E12D8 [mem: 09A1F068]
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in SSLv3 read client
certificate A
[17/Dec/2001 15:33:08 11905] [trace] OpenSSL: Exit: error in SSLv3 read client
certificate A
[17/Dec/2001 15:33:08 11905] [error] SSL handshake interrupted by system [Hint: Stop
button pressed in browser?!] (System error
follows)
[17/Dec/2001 15:33:08 11905] [error] System: Connection reset by peer (errno: 104)
I have notice that it always fails in the same place with either a
5 bytes expected to read (for SSLv3)
or
2 bytes expected to read (for SSLv2)
This seems to be a somewhat sporadic event... if the person presses reload repeatedly,
the page will eventually display. However,
obviously not all users will press reload until it works....
Any ideas on how to correct this problem would be appreciated... I have seen it in
both SSLv2 and SSLv3 connections.
And, if needed I can get a complete debug dump of a connection.
Thanks in advance.
-Jason
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
