[us...@httpd] SSL ERRORS

2009-03-04 Thread Andres Morey

Hi All,

If you turn on your LogLevel to info you will see the following errors  
in your apache log:


(70007)The timeout specified has expired: SSL input filter read failed.
SSL library error 1 in handshake
SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?

Connection closed to child 9 with abortive shutdown

This is extremely worrying. Does anybody know how to fix these SSL  
errors?


Thanks,
Andres


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
  "   from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org



[us...@httpd] SSL errors

2010-09-08 Thread Yang Zhang
I'm running a (self-signed) SSL cert site on Apache/2.2.14 on Ubuntu
10.04, but various browsers are giving errors on half the connection
attempts, and wget too:

$ wget --no-check-certificate https://dev.partyondata.com/deps/
--2010-09-08 19:30:26--  https://dev.partyondata.com/deps/
Resolving dev.partyondata.com... 184.72.53.220
Connecting to dev.partyondata.com|184.72.53.220|:443... connected.
OpenSSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
OpenSSL: error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed
OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature
Unable to establish SSL connection.

Run it right away again and it works:

$ wget --no-check-certificate https://dev.partyondata.com/deps/
--2010-09-08 19:30:29--  https://dev.partyondata.com/deps/
Resolving dev.partyondata.com... 184.72.53.220
Connecting to dev.partyondata.com|184.72.53.220|:443... connected.
WARNING: cannot verify dev.partyondata.com's certificate, issued by
`/CN=dev.partyondata.com':
  Self-signed certificate encountered.
HTTP request sent, awaiting response... 200 OK
Length: 3157 (3.1K) [text/html]
Saving to: `index.html'

100%[==>] 3,157   --.-K/s   in 0s

2010-09-08 19:30:29 (48.6 MB/s) - `index.html' saved [3157/3157]

In my sites-enabled/default-ssl:

  SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

The cert:


The cert is in turn generated via:

$ make-ssl-cert generate-default-snakeoil --force-overwrite

Apache version.

$ apache2 -V
Server version: Apache/2.2.14 (Ubuntu)
Server built:   Apr 13 2010 20:22:19
Server's Module Magic Number: 20051115:23
Server loaded:  APR 1.3.8, APR-Util 1.3.9
Compiled using: APR 1.3.8, APR-Util 1.3.9
Architecture:   64-bit
Server MPM: Worker
  threaded: yes (fixed thread count)
    forked: yes (variable process count)
Server compiled with
 -D APACHE_MPM_DIR="server/mpm/worker"
 -D APR_HAS_SENDFILE
 -D APR_HAS_MMAP
 -D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
 -D APR_USE_SYSVSEM_SERIALIZE
 -D APR_USE_PTHREAD_SERIALIZE
 -D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
 -D APR_HAS_OTHER_CHILD
 -D AP_HAVE_RELIABLE_PIPED_LOGS
 -D DYNAMIC_MODULE_LIMIT=128
 -D HTTPD_ROOT=""
 -D SUEXEC_BIN="/usr/lib/apache2/suexec"
 -D DEFAULT_PIDLOG="/var/run/apache2.pid"
 -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
 -D DEFAULT_ERRORLOG="logs/error_log"
 -D AP_TYPES_CONFIG_FILE="/etc/apache2/mime.types"
 -D SERVER_CONFIG_FILE="/etc/apache2/apache2.conf"

Any ideas? Thanks in advance for any help.
--
Yang Zhang
http://yz.mit.edu/




Re: [us...@httpd] SSL ERRORS

2009-03-04 Thread Eric Covener
On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey  wrote:
> Hi All,
>
> If you turn on your LogLevel to info you will see the following errors in
> your apache log:
>
> (70007)The timeout specified has expired: SSL input filter read failed.
> SSL library error 1 in handshake
> SSL Library Error: 336027900 error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
> port!?
> Connection closed to child 9 with abortive shutdown
>
> This is extremely worrying. Does anybody know how to fix these SSL errors?

You're connecting to an HTTP port with HTTPS.   It's probably just your
config -- maybe you have  and need *:80 and *:443?

A quick check is to connect to port 443 with HTTP and see if you get a response.

-- 
Eric Covener
cove...@gmail.com
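
Added example, not part of the original thread and not httpd or OpenSSL code: a small parser for the "error:XXXXXXXX:lib:func:reason" lines quoted in these messages. It assumes the packed error-code layout of OpenSSL releases before 3.0 (8-bit library, 12-bit function, 12-bit reason), checks that the decimal number mod_ssl prints matches the hex code, and flags the two reasons raised when the first bytes from a client are not an SSL/TLS ClientHello. The function and field names are illustrative.

```python
import re

# Constructed sample: log lines as they appear in the messages of this thread
# (wrapped lines joined).
SAMPLE_LOG = """\
SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
OpenSSL: error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01
OpenSSL: error:1408D07B:SSL routines:SSL3_GET_KEY_EXCHANGE:bad signature
(70007)The timeout specified has expired: SSL input filter read failed.
"""

ERR_RE = re.compile(
    r"(?:SSL Library Error: (?P<dec>\d+) )?"
    r"error:(?P<hex>[0-9A-Fa-f]{8}):(?P<lib>[^:]+):(?P<func>[^:]+):(?P<text>.*)")

def unpack(code):
    """Split a packed pre-3.0 OpenSSL error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def parse_line(line):
    """Return a dict for an OpenSSL error line, or None for any other line."""
    m = ERR_RE.search(line)
    if not m:
        return None
    code = int(m.group("hex"), 16)
    lib, func, reason = unpack(code)
    dec = m.group("dec")
    return {
        "code": code, "lib": lib, "func": func, "reason": reason,
        "lib_name": m.group("lib"), "func_name": m.group("func"),
        "text": m.group("text").strip(),
        # mod_ssl prints the same code in decimal; None when no decimal is present
        "decimal_matches": None if dec is None else int(dec) == code,
        # 156 = SSL_R_HTTP_REQUEST, 252 = SSL_R_UNKNOWN_PROTOCOL: the peer's
        # first bytes were not a ClientHello, so no handshake was attempted
        "non_tls_client": m.group("func") == "SSL23_GET_CLIENT_HELLO"
                          and reason in (156, 252),
    }

def parse_log(text):
    """Parse every OpenSSL error line in a block of log text."""
    return [r for r in map(parse_line, text.splitlines()) if r]
```

Lines flagged non_tls_client record what the peer sent, not a fault in the server's certificate or key; the RSA and "bad signature" entries from the 2010 message decode to a different library and function and are not flagged.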




Re: [us...@httpd] SSL ERRORS

2009-03-04 Thread Andres Morey
I don't think the problem is talking to port 443 with HTTP. Here's the  
apache response when I access http://localhost:443/:



Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


This is the error I am getting after every request:
(70007)The timeout specified has expired: SSL input filter read failed.

and these are the errors I get after a graceful restart:
SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?


If possible, could you set your LogLevel to info to see if you are  
seeing these errors as well? I have noticed these errors with Apache  
2.2.11 on linux and on OS X. I'm attaching my apache config file to  
this email.


Thanks for helping me debug this!

-Andres



Listen 80
Listen 443

LoadModule ssl_module  modules/mod_ssl.so

ServerName example
ServerAdmin ad...@example.com
ServerRoot "/usr/local/apache2"
ServerSignature Off
ServerTokens Prod

DocumentRoot "/usr/local/apache2/htdocs"

LogLevel info
ErrorLog logs/error_log

Timeout 300
KeepAlive on
MaxKeepAliveRequests 100
KeepAliveTimeout 15

MinSpareServers 8
MaxSpareServers 16
MaxClients 256
MaxRequestsPerChild 10

DefaultType text/plain
FileETag none
AllowEncodedSlashes On



User daemon
Group daemon



SSLSessionCache "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"

SSLSessionCacheTimeout  300
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0



NameVirtualHost *:80
NameVirtualHost *:443


SSLEngine off


Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all



Order allow,deny
Allow from all




SSLEngine on
SSLCertificateFile /usr/local/apache2/conf/sslcerts/_.example.crt
SSLCertificateKeyFile /usr/local/apache2/conf/sslcerts/_.example.key
SSLCertificateChainFile /usr/local/apache2/conf/sslcerts/gd_bundle.crt



Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all



Order allow,deny
Allow from all





TypesConfig conf/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz







On Mar 4, 2009, at 9:55 AM, Eric Covener wrote:

> On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey wrote:
>> Hi All,
>>
>> If you turn on your LogLevel to info you will see the following errors in
>> your apache log:
>>
>> (70007)The timeout specified has expired: SSL input filter read failed.
>> SSL library error 1 in handshake
>> SSL Library Error: 336027900 error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
>> port!?
>> Connection closed to child 9 with abortive shutdown
>>
>> This is extremely worrying. Does anybody know how to fix these SSL errors?
>
> You're connecting to an HTTP port with HTTPS.   It's probably just your
> config -- maybe you have  and need *:80 and *:443?
>
> A quick check is to connect to port 443 with HTTP and see if you get a response.
>
> --
> Eric Covener
> cove...@gmail.com





Re: [us...@httpd] SSL ERRORS

2009-03-05 Thread Andres Morey
The problem isn't talking to port 443 with HTTP because accessing http://localhost:443/ gives me a "Bad Request" error.

This is the error I am getting after every request:
(70007)The timeout specified has expired: SSL input filter read failed.

and these are the errors I get after a graceful restart:
SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?

If possible, could you set your LogLevel to info to see if you are seeing these errors as well? I have noticed these errors with Apache 2.2.11 on linux and on OS X. I'm attaching my apache config file to this email.

Thanks for helping me debug this!

-Andres

httpd.conf
Description: Binary data
On Mar 4, 2009, at 9:55 AM, Eric Covener wrote:

> On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey  wrote:
>> Hi All,
>>
>> If you turn on your LogLevel to info you will see the following errors in
>> your apache log:
>>
>> (70007)The timeout specified has expired: SSL input filter read failed.
>> SSL library error 1 in handshake
>> SSL Library Error: 336027900 error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
>> port!?
>> Connection closed to child 9 with abortive shutdown
>>
>> This is extremely worrying. Does anybody know how to fix these SSL errors?
>
> You're connecting to an HTTP port with HTTPS.   It's probably just your
> config -- maybe you have  and need *:80 and *:443?
>
> A quick check is to connect to port 443 with HTTP and see if you get a response.
>
> --
> Eric Covener
> cove...@gmail.com