Re: [Mod_nss-list] Apache, mod_nss SSL Library Error: -8023 Unknown

Mon, 18 Jul 2016 08:45:12 -0700 

Remy van Elst wrote:


Hi there,

I'm using mod_nss on Ubuntu 16.04 with Apache, the Nitrokey HSM and the
OpenSC PKCS#11 module. I do experience frequent crashes of Apache. The
browsers gives SSL_ERROR_HANDSHAKE_FAILURE_ALERT.


This is in the error log, with Loglevel debug:

     [Sat Jul 16 08:51:21.798715 2016] [:info] [pid 15788] Connection to
child 2 established (server rsa1024.tst.raymii.org
<http://rsa1024.tst.raymii.org>, client 172.16.20.55)
     [Sat Jul 16 08:51:21.799585 2016] [:info] [pid 15788] SSL input
filter read failed.
     [Sat Jul 16 08:51:21.799889 2016] [:error] [pid 15788] SSL Library
Error: -8152 The key does not support the requested operation
     [Sat Jul 16 08:51:21.800184 2016] [:info] [pid 15788] Connection to
child 2 closed (server rsa1024.tst.raymii.org:443
<http://rsa1024.tst.raymii.org:443>, client 172.16.20.55)
     [Sat Jul 16 08:51:21.840763 2016] [:info] [pid 15791] SSL input
filter read failed.
     [Sat Jul 16 08:51:21.841044 2016] [:error] [pid 15791] SSL Library
Error: -8023 Unknown
     [Sat Jul 16 08:51:21.841245 2016] [:info] [pid 15791] Connection to
child 3 closed (server rsa1024.tst.raymii.org:443
<http://rsa1024.tst.raymii.org:443>, client 172.16.20.55)
     [Sat Jul 16 08:51:21.932461 2016] [:info] [pid 15791] Connection to
child 3 established (server rsa1024.tst.raymii.org
<http://rsa1024.tst.raymii.org>, client 172.16.20.55)
     [Sat Jul 16 08:51:21.933291 2016] [:info] [pid 15791] SSL input
filter read failed.
     [Sat Jul 16 08:51:21.933480 2016] [:error] [pid 15791] SSL Library
Error: -8152 The key does not support the requested operation

This problem occurs when loading a Wordpres site. A simple single HTML
page also gives this error, but it takes many more refreshes. The
Wordpress site triggers it after a few (5, 6) pages.

A restart of the Apache server is required to make the error go away.



What version of NSS and mod_nss do you have installed? I'm not sure if 
this is a PKCS#11 issue or something else.


rob


_______________________________________________
Mod_nss-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/mod_nss-list






















					Reply via email to