Dear Dave Thomson, Thank you for your reply.
I checked Apache log and it does not give much information about the connection closure. 0. Yes, as you said, -debug and state did not give me much information about the problem. The only thing understood is server sends close notify. 1. The error is timing out error. 2. When I tried to feed the input, it did not make any difference. Connection closed within few seconds. 3. I tried to insert "GET / HTTP/1.0<CRLF><CRLF>" this also. As you mentioned in you reply. I get a verbose reply (all with html code). It says, HTTP/1.1 408 Request Time-out Therefore, it is happening because of time out. I even tried to change timeout values from apache2.conf file and ssl.conf file. It does not make any difference. (I restarted apache each time, I made any changes.) Thank You! I am doing all these testing on Ubuntu virtualbox and there are no firewall restrictions. On Tue, Jul 10, 2012 at 2:38 AM, Dave Thompson <dthomp...@prinpay.com>wrote: > >From: owner-openssl-us...@openssl.org On Behalf Of Sebastian Raymond > >Sent: Saturday, 07 July, 2012 05:31 > > >I have set-up the apache2 on my linux machine. Everything worked fine > previously. > > >But now, when I try to use openssl s_client command to connect to > >the machine, SSL handshake is completed successfully. But within few > >seconds the connection closes automatically. When I used -debug option, > >I understood that server sends alert messages and connection closes. > > If you use -msg instead of (or in addition to) -debug, it should tell > you the level and type of alert, but pretty much the only alert that > should occur after handshake completed is close_notify, which only > tells you the server decided to close, not why. Try checking the > server logs, although in my experience apache is rarely verbose. > > It could be timing out, although a "few seconds" is tight for that. > I don't know apache in particular, but there are denial-of-service > attacks on some webservers by just opening HTTP(S) connections and > not issuing any request(s), so some(?) servers close connections > on which no request is issued within a suitable time limit. And if > you are in a non-personal network, there may be a firewall or other > middlebox that does this for all HTTP(S) servers to be safe. > Does it work if you feed in a valid HTTP request immediately? > The simplest possible is usually GET / HTTP/1.0<CRLF><CRLF>. > And sometimes you can get away with <NL> instead of <CRLF>. > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > -- Regards, *Sebastian*
