On Fri, 8 Aug 2003, Arthur Chan wrote:

> [ssl] # openssl s_client -connect localhost:443 -state -debug
> still throws this sticky error :
> SSL_connect:error in SSLv2/v3 read server hello A
> 1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
> protocol:s23_clnt.c:460:

You have multiple problems conspiring against you here.

Problem #1: your OpenSSL doesn't have the error messages loaded so you're
getting a rather non-descriptive error message.  No big deal, it just
means you have to look harder to find out what the error means.

Problem #2: SSL23_GET_SERVER_HELLO:unknown protocol: - now I bet if you
looked at the debug dump you'd see something very similar to:
    0000 - 3c 21 44 4f 43 54 59 <!DOCTY
which was mentioned in one of those links the other guy sent you.  It's
telling you that that's what it received from the server.  You'll notice
that "<!DOCTY" is the first few bytes of a standard HTML page unencrypted.
So this tells you that your web server is in fact speaking plain HTTP on
port 443 rather than HTTPS.  You probably do not have "SSLEngine on" for
that virtual host.

Problem #3: You mentioned trying to get name-based vhosts to work with
SSL.  You must realize that this doesn't work right in the general case.
Please see http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2 .

Hope this helps.

--Cliff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
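
The check described under Problem #2, as an added example that is not part of the original message: it pulls the first bytes the server sent out of `openssl s_client -debug` output and classifies them as a TLS record, an SSLv2 server hello, or plaintext HTTP. The function names and the sample dump are constructed for illustration, and it assumes server data is introduced by a "read from" line followed by offset-prefixed hex dump lines.

```python
import re

# One hex dump line: "0000 - 3c 21 44 ... " (a '-' may separate bytes 8 and 9).
DUMP_LINE = re.compile(r"^\s*[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -])+)")
HTTP_PREFIXES = (b"HTTP/", b"<!DOCTY", b"<html", b"<HTML")

def first_read_bytes(debug_output: str) -> bytes:
    """Return the bytes of the first non-empty 'read from' dump."""
    data, in_read = bytearray(), False
    for line in debug_output.splitlines():
        if line.startswith(("read from", "write to")):
            if in_read and data:
                break                      # next I/O block: first read is complete
            in_read = line.startswith("read from")
            continue
        m = DUMP_LINE.match(line)
        if in_read and m:
            data += bytes.fromhex(m.group(1).replace("-", " "))
        elif in_read and data:
            break                          # dump ended (state or error line)
    return bytes(data)

def classify_first_bytes(data: bytes) -> str:
    """Classify what the server answered to the ClientHello."""
    if not data:
        return "empty"
    # TLS/SSLv3 record header: content type, then version 0x03 0x00..0x04.
    if len(data) >= 3 and data[1] == 0x03 and data[2] <= 0x04:
        if data[0] == 0x16:
            return "tls-handshake"
        if data[0] == 0x15:
            return "tls-alert"
    # SSLv2 record: high bit set in the length, message type 4 = SERVER-HELLO.
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x04:
        return "sslv2-server-hello"
    if data.lstrip(b"\r\n\t ").startswith(HTTP_PREFIXES):
        return "plaintext-http"            # server is not doing SSL on this port
    return "unknown"

# Constructed sample (not captured from a real server).
SAMPLE = """\
write to 0x0 [0x0] (3 bytes => 3 (0x3))
0000 - 80 2e 01                                          ...
read from 0x0 [0x0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59                              <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
"""

if __name__ == "__main__":
    print(classify_first_bytes(first_read_bytes(SAMPLE)))
```

A "plaintext-http" result on port 443 points at the virtual host configuration, which is where "SSLEngine on" belongs.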
