On Fri, Feb 4, 2011 at 19:08, Ryan Wehrle <ryaner...@gmail.com> wrote:
> I forgot to add, I am using client certificate authentication.
> httpd.conf
> <Directory "Z:/Apache/_MilesMilitusCallidus.com_SSL">
> SSLVerifyClient require
> SSLVerifyDepth 1
> SSLRequireSSL
> SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
> Options FollowSymLinks ExecCGI
> Order allow,deny
> Allow from all
> </Directory>
>
> Configuration changed with no set servername in the SSL config.
> Logs when using Opera to connect to https://milesmilituscallidus.com. Opera
> has a VALID user cert that works in every other browser, but Opera never
> loads the page. It stays as a white page, reloading every so often.
> Logs:
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1993): [client
> 67.167.32.58] No matching SSL virtual host for servername
> milesmilituscallidus.com found (using default/first virtual host)
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1884): OpenSSL:
> Write: SSLv3 read client hello C
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> SSLv3 read client hello A
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> SSLv3 write server hello A
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> SSLv3 write certificate A
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1274): [client
> 67.167.32.58] handing out temporary 1024 bit DH key
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> SSLv3 write key exchange A
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> SSLv3 write certificate request A
> [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop:
> SSLv3 flush data
> [Fri Feb 04 04:53:58 2011] [debug] ssl_engine_io.c(1900): OpenSSL: I/O
> error, 5 bytes expected to read on BIO#290def0 [mem: 27ea44b]
> [Fri Feb 04 04:53:58 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit:
> error in SSLv3 read client certificate A
> [Fri Feb 04 04:53:58 2011] [error] [client 67.167.32.58] Re-negotiation
> handshake failed: Not accepted by client!?

Please comment out the following line:
# SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128

Maybe your SSL_CIPHER_USEKEYSIZE is too restrictive.

--
Dongsheng song
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
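
The following is an added example, not part of the original messages and not Apache or OpenSSL code: a small parser for the mod_ssl debug lines quoted above that reports which handshake state failed and how long the server waited after its last completed step. The function names and the regular expressions are assumptions written for this log format; the sample lines are copied from the quoted log with the mail wrapping undone.

```python
import re
from datetime import datetime

# Lines taken from the quoted log above, with the mail client's wrapping undone.
SAMPLE_LOG = """\
[Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write certificate request A
[Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data
[Fri Feb 04 04:53:58 2011] [debug] ssl_engine_io.c(1900): OpenSSL: I/O error, 5 bytes expected to read on BIO#290def0 [mem: 27ea44b]
[Fri Feb 04 04:53:58 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client certificate A
[Fri Feb 04 04:53:58 2011] [error] [client 67.167.32.58] Re-negotiation handshake failed: Not accepted by client!?
"""

# Assumed patterns for this log format: "[timestamp] [level] message".
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
STATE = re.compile(r"OpenSSL: (?P<kind>Loop|Exit): (?:error in )?(?P<state>SSLv3 .+)$")

def parse(text):
    """Turn error-log lines into dicts with timestamp and handshake state."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an Apache error-log line
        s = STATE.search(m["msg"])
        events.append({
            "ts": datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y"),
            "kind": s["kind"] if s else None,    # Loop = step done, Exit = failure
            "state": s["state"] if s else None,
        })
    return events

def find_stall(events):
    """Report where the handshake stopped and how long the server waited."""
    last_step = None
    cert_requested = False
    for e in events:
        if e["kind"] == "Loop":
            last_step = e
            cert_requested |= "write certificate request" in e["state"]
        elif e["kind"] == "Exit" and last_step:
            return {
                "last_completed": last_step["state"],
                "failed_in": e["state"],
                "waited_seconds": (e["ts"] - last_step["ts"]).total_seconds(),
                "cert_requested": cert_requested,
            }
    return None

if __name__ == "__main__":
    print(find_stall(parse(SAMPLE_LOG)))
```

On the quoted log this shows the server sent its certificate request, flushed, and then waited before failing in the state that reads the client certificate.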
