RE: Connection hangs when using SSL

Mon, 04 Feb 2002 12:31:16 -0800

Title: Connection hangs when using SSL
I have the following and it works for me on win2kPro with Apache 1.3.22 and latest mod_ssl
 
SSLCertificateKeyFile c:\certs\server.key
SSLCertificateFile    c:\certs\server.crt
SSLPassPhraseDialog   builtin
SSLVerifyClient   require
SSLVerifyDepth   2
SSLEngine   on
SSLRandomSeed   startup builtin
SSLOptions   +ExportCertData
SSLCACertificateFile c:\certs\ca.crt
SSLLog logs\ssl_log
SSLLogLevel debug
 
 
Thanx
 
Himanshu Soni
-----Original Message-----
From: Himanshu Soni [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 12:38 PM
To: '[EMAIL PROTECTED]'
Subject: RE: Connection hangs when using SSL

Is your SSL Server key passphrase protected?
-----Original Message-----
From: Ken Tune [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 04, 2002 9:10 AM
To: '[EMAIL PROTECTED]'
Subject: Connection hangs when using SSL

I'm trying to get Apache up and running on WinNT, with SSL

I'm using

Apache/1.3.19 (Win32)
mod_ssl/2.8.3
OpenSSL/0.9.6a

My Apache config is as follows ...

SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none

SSLLog logs/SSL.log
SSLLogLevel debug

<VirtualHost <MY_HOST>:443>
        ServerName <MY_HOST>
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

        SSLCertificateFile D:/apache/ssl/my-server.cert
        SSLCertificateKeyFile D:/apache/ssl/my-server.key

        SetEnvIf User-Agent ".*MSIE.*" \
             nokeepalive ssl-unclean-shutdown \
             downgrade-1.0 force-response-1.0
        CustomLog logs/ssl_request_log combined
</VirtualHost>

My problem is that when I issue https://<MY_HOST> through the browser the browser simply hangs  - there's no response from apache.

If I try and connect to 443 directly using openssl I get

$ openssl s_client  -connect  <MY_HOST>:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0A01ED48 [0A01F788] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15   ..F.v.*c..r%w.<.
0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed   "wF.i. ..}{.....
0080 - b6 1c                                             ..
SSL_connect:SSLv2/v3 write client hello A

... and nothing more.

I've tried using the -ssl2 and -ssl3 flags, but get the same result.

I've tried connecting using telnet and trying to speak http to the port and that doesn't work so that's not the issue.

Furthermore, when I try and connect I get an entry in my ssl.log ...

[04/Feb/2002 17:01:01 00193] [info]  Connection to child 4 established (server <MY_HOST>:443, client <MY_IP>)

Any suggestions gratefully received

Regards

Ken Tune

Reply via email to