Iain: Wow! Am I glad to hear from you! I've been wrestling with exactly this problem - error on: OpenSSL: read 5/5 bytes from BIO - for a few weeks now; was beginning to think I was losing my mind. (while we leave that possibility aside for the moment(!),) here's what's different about our environment:
Apache/2.2.11 (Unix - Solaris SPARC) mod_ssl/2.2.11 OpenSSL/0.9.8k PHP/5.2.9. We are using certificate authentication. Seeing this behavior under Firefox (Mac); haven't tried it using mobile browsers, though, presumably, you may be using a Mozilla-based mobile browser...

We've recently upgraded to these current versions of Apache and OpenSSL, but the error behavior has not been impacted. The incessant prompting for certificate can be interrupted by setting Firefox's Advanced-Encryption-When a server requests my certificate-Select one automatically option. The above read error persists, however...

The primary impact is - apparently - that the SSL session is constantly re-negotiated for GET of each page element; loading of a single page might generate 8-10 prompts for the certificate. We have fiddled with various settings for the Renegotiation buffer, including which buffer engine is used, its size, etc., all to no avail. Some of the settings result in Apache configuration errors, so I wonder if we're into an Apache - or mod_ssl - 'black hole' region.

My quick research on this indicates that others have run into it, some have simply ignored it, but none have solved it. Hopefully we'll come up with something.

Lou

----- Original Message -----
From: "I Emsley (Iain)" <iain.ems...@stfc.ac.uk>
To: modssl-users@modssl.org
Sent: Friday, July 17, 2009 8:56:23 AM GMT -05:00 US/Canada Eastern
Subject: SSL connection between Apache and Tomcat failing

I've got a website which uses Apache 2.2 as the front end with Tomcat 5.5.23 as the backend and am using mod_ssl and mod_proxy to link the two together in Windows Server 2003.
Normally there isn't an issue with two servers serving the website but recently (and mainly with, it appears, mobile browsers), I'm getting the following errors:

[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read finished A
[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: done
[Fri Jul 17 09:52:29 2009] [info] Connection: Client IP: 130.246.76.83, Protocol: TLSv1, Cipher: DHE-RSA-AES256-SHA (256/256 bits)
[Fri Jul 17 09:52:29 2009] [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO
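
An added example, not part of either message in this thread: a small Python script that counts completed handshakes per client per minute from a mod_ssl error log in the format quoted above, to confirm whether one page load really produces a burst of handshakes. The function names, the threshold of 5 and the sample lines (documentation IP addresses) are constructed for illustration, and it assumes mod_ssl writes the "Connection: Client IP" info line once per completed handshake.

```python
import re
from collections import Counter
from datetime import datetime

# The mod_ssl [info] line from the excerpt above; assumed (not confirmed on the
# page) to be written once per completed handshake, renegotiations included.
CONN_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[info\] Connection: Client IP: (?P<ip>[^,\s]+), "
    r"Protocol: (?P<proto>[^,]+), Cipher: (?P<cipher>\S+)"
)

def handshakes_per_minute(lines):
    """Return a Counter keyed by (client_ip, minute) of completed handshakes."""
    counts = Counter()
    for line in lines:
        m = CONN_RE.match(line.strip())
        if m is None:
            continue  # debug state lines, BIO reads, anything else
        ts = datetime.strptime(m.group("ts"), "%a %b %d %H:%M:%S %Y")
        counts[(m.group("ip"), ts.replace(second=0))] += 1
    return counts

def handshake_bursts(lines, threshold=5):
    """Map client IP -> peak handshakes seen in one minute, if >= threshold."""
    peaks = {}
    for (ip, _minute), n in handshakes_per_minute(lines).items():
        if n >= threshold:
            peaks[ip] = max(n, peaks.get(ip, 0))
    return peaks

def build_sample():
    """Constructed log: one client handshakes 9 times in 3 seconds, another once."""
    info = ("{} [info] Connection: Client IP: {}, Protocol: TLSv1, "
            "Cipher: DHE-RSA-AES256-SHA (256/256 bits)")
    lines = []
    for sec in (29, 29, 29, 30, 30, 30, 31, 31, 31):
        stamp = "[Fri Jul 17 09:52:%02d 2009]" % sec
        lines.append(stamp + " [debug] ssl_engine_kernel.c(1756): OpenSSL: Handshake: done")
        lines.append(info.format(stamp, "192.0.2.10"))
        lines.append(stamp + " [debug] ssl_engine_io.c(1817): OpenSSL: read 5/5 bytes from BIO")
    lines.append(info.format("[Fri Jul 17 09:53:02 2009]", "192.0.2.20"))
    return lines

SAMPLE = build_sample()

if __name__ == "__main__":
    for ip, peak in sorted(handshake_bursts(SAMPLE).items()):
        print("%s: %d handshakes in one minute" % (ip, peak))
```

The count covers new connections as well as renegotiations, so compare a flagged client against the access log's request count for the same minute.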