https://bz.apache.org/bugzilla/show_bug.cgi?id=68517
Bug ID: 68517
Summary: Getting AH00898: Error during SSL Handshake with remote server while using apache as reverse proxy
Product: Apache httpd-2
Version: 2.5-HEAD
Hardware: PC
OS: Linux
Status: NEW
Severity: major
Priority: P2
Component: All
Assignee: bugs@httpd.apache.org
Reporter: sbhanwr...@gmail.com
Target Milestone: ---

We have installed Apache 2.4.58 in a new directory. We use the same settings and SSL certificate wallets as Apache 2.4.57. However, we keep getting a 502 bad gateway issue in the newer Apache, while it's working fine in Apache 2.4.57 on the same server.

I tried the settings below as well, but no luck.

SSLProxyCheckPeerCN off
SSLProxyCheckPeerExpire off

I have verified by proxyCA with curl, it works fine.

I struggled with this issue for a couple of weeks.

Thanks a lot,

The error log:

[Thu Jan 18 15:00:11.652886 2024] [proxy:error] [pid 8119:tid 140431891339008] (20014)Internal error (specific information not available): [client x.x.x.x.x.x.:40441] AH01084: pass request body failed to x.x.x.x.x.x.:443 (innoprosys.com)
[Thu Jan 18 15:00:11.652931 2024] [proxy:error] [pid 8119:tid 140431891339008] [client x.x.x.x.x.x.:40441] AH00898: Error during SSL Handshake with remote server returned by /xxx/xxx/xxx/api/
[Thu Jan 18 15:00:11.652934 2024] [proxy_http:error] [pid 8119:tid 140431891339008] [client x.x.x.x.x.x.:40441] AH01097: pass request body failed to x.x.x.x.x.x.:443 (xxxx.com) from x.x.x.x.x.x. ()

SSL Logs:

[18/Jan/2024:15:00:11 +0300] XXXXX TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 "GET /XXX/XXX/XXX/api/?key=TMS1LN9X4TZRP3MKGU0B HTTP/1.1" 273

The VH config:

Listen 5995
SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
# SSL Protocol support:
SSLProtocol all -SSLv3
SSLPassPhraseDialog builtin
SSLSessionCache "shmcb:/u01/apache/httpd-2.4.58/logs/ssl_scache(512000)"
SSLSessionCacheTimeout 300

<VirtualHost _default_:5995>
# General setup for the virtual host
DocumentRoot "/u01/apache/httpd-2.4.58/htdocs"
ServerName xxxxx.xxx.com.sa:5995
ServerAdmin y...@example.com
ErrorLog "/u01/apache/httpd-2.4.58/logs/error_log"
TransferLog "/u01/apache/httpd-2.4.58/logs/access_log"
SSLEngine on
# Server Certificate:
SSLCertificateFile "/u01/apache/httpd-2.4.58/nwc-config/certificates/server/xxx.xx.com.sa.pem"
# Server Private Key:
SSLCertificateKeyFile "/u01/apache/httpd-2.4.58/nwc-config/certificates/server/xxxxx.xxx.com.sa_key1.key"
SSLCACertificatePath "/u01/apache/httpd-2.4.58/nwc-config/certificates/ca"
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
    SSLOptions +StdEnvVars
</FilesMatch>
<Directory "/u01/apache/httpd-2.4.58/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
    nokeepalive ssl-unclean-shutdown \
    downgrade-1.0 force-response-1.0
# compact non-error SSL logfile on a virtual host basis.
CustomLog "/u01/apache/httpd-2.4.58/logs/ssl_request_log" \
    "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLProxyEngine On
SSLProxyProtocol all -SSLv3 -TLSv1.1
SSLProxyCACertificatePath "/u01/apache/httpd-2.4.58/nwc-config/certificates/ca"
ProxyRequests On
ProxyVia On
ProxyPreserveHost Off
<Location /xxx/xxx/xxx/api/>
    ProxyPass https://xxx.com/xxx/xxx/xxx/api/
    ProxyPassReverse https://xxxx.com/xxx/apis/xxx/api/
</Location>
</VirtualHost>

The compile settings:

./httpd -V
Server version: Apache/2.4.58 (Unix)
Server built:   Jan 15 2024 12:58:36
Server's Module Magic Number: 20120211:129
Server loaded:  APR 1.7.4, APR-UTIL 1.6.3, PCRE 8.45 2021-06-15
Compiled using: APR 1.7.4, APR-UTIL 1.6.3, PCRE 8.45 2021-06-15
Architecture:   64-bit
Server MPM:     event
  threaded:     yes (fixed thread count)
    forked:     yes (variable process count)
Server compiled with....
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_PROC_PTHREAD_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=256
 -D HTTPD_ROOT="/u01/apache/httpd-2.4.58"
 -D SUEXEC_BIN="/u01/apache/httpd-2.4.58/bin/suexec"
 -D DEFAULT_PIDLOG="logs/httpd.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="conf/mime.types"
 -D SERVER_CONFIG_FILE="conf/httpd.conf"