Iain: 

Wow! Am I glad to hear from you! I've been wrestling with exactly this problem 
- error on: OpenSSL: read 5/5 bytes from BIO - for a few weeks now; was 
beginning to think I was losing my mind. (while we leave that possibility aside 
for the moment(!),) here's what's different about our environment: 

Apache/2.2.11 (Unix - Solaris SPARC) mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9 . 
We are using certificate authentication. Seeing this behavior under Firefox 
(Mac); haven't tried it using mobile browsers, though, presumably, you may be 
using a Mozilla-based mobile browser... We've recently upgraded to these 
current versions of Apache and OpenSSL, but the error behavior has not been 
impacted. The incessant prompting for certificate can be interrupted by setting 
Firefox's Advanced-Encryption-When a server requests my certificate-Select one 
automatically option. The above read error persists, however... 

The primary impact is - apparently - that the SSL session is constantly 
re-negotiated for GET of each page element; loading of a single page might 
generate 8-10 prompts for the certificate. We have fiddled with various 
settings for the Renogotiation buffer, including which buffer engine is used, 
its size, etc., all to no avail. Some of the settings result in Apache 
configuration errors, so I wonder if we're into an Apache - or mod_ssl - 'black 
hole' region. 

My quick research on this indicates that others have run into it, some have 
simply ignored it, but none have solved it. 

Hopefully we'll come up with something. Lou 

----- Original Message ----- 
From: "I Emsley (Iain)" <iain.ems...@stfc.ac.uk> 
To: modssl-users@modssl.org 
Sent: Friday, July 17, 2009 8:56:23 AM GMT -05:00 US/Canada Eastern 
Subject: SSL connection between Apache and Tomcat failing 




I’ve got a website which uses Apache 2.2 as the front end with Tomcat 5.5.23 as 
the backend and am using mod_ssl and mod_proxy to link to the two together in 
Windows server 2003. Normally there isn’t an issue with two servers serving the 
website but recently (and mainly with , it appears, mobile browsers), I’m 
getting the following errors: 

i Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 
read finished A 

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1756): OpenSSL: 
Handshake: done 

[Fri Jul 17 09:52:29 2009] [info] Connection: Client IP: 130.246.76.83, 
Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits) 

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 
bytes from BIO 

Reply via email to