Title: TR : Unable to establish an SSL session

>>>>Sorry if you have already received this mail <<<<<<<<<<<<<<<<<<<


Hi,

I am trying to replace an IBM Edge Server reverse proxy with Apache 2.0.36 / mod_proxy / mod_ssl / OpenSSL 0.9.6d. The reverse proxy handles the SSL part with the client and talks to my back-end server over HTTP.

I have 3 types of client that reach the reverse proxy: standard browsers, a Java client and a CGI client. All of them call the same URL: https://..........

All 3 clients work fine with the IBM reverse proxy. Only 2 of the 3 clients work fine with the Apache reverse proxy: I am not able to find why the CGI client cannot establish an SSL session!

I'm looking for new ways to find the solution: a new trace, some particular settings, etc.

Does someone know how to read through the “BIO DUMP”?

Here are the 3 traces from the 3 clients (ssl_engine_log):

######################From an IE 6 browser###########################################################

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Handshake: start

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: before/accept initialization

[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 11/11 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 00 00 61 01 00 00-5d 03                    ....a...].       |

| 000b - <SPACES/NULS>

+-------------------------------------------------------------------------+

[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 91/91 bytes from BIO#301A2CC8 [mem: 301AC733] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 3d 11 be 01 d5 f6 b1 23-d5 62 52 d3 b1 4b d7 7d  =......#.bR..K.} |

| 0010: dc bd 91 70 ea 40 df 3e-3d a2 21 a6 bd 40 db e2  ...p.@.>=.!..@.. |

| 0020: 20 29 bf bf 69 76 ad 4e-3e 78 73 1d 80 68 10 db   )..iv.N>xs..h.. |

| 0030: 44 41 68 8d f0 62 2f 96-c2 81 1a fa 2d a0 f1 f4  DAh..b/.....-... |

| 0040: 1b 00 16 00 04 00 05 00-0a 00 09 00 64 00 62 00  ............d.b. |

| 0050: 03 00 06 00 13 00 12 00-63 01                    ........c.       |

| 005b - <SPACES/NULS>

+-------------------------------------------------------------------------+

[20/Jun/2002 13:31:25 14914] [trace] Inter-Process Session Cache: request=GET status=FOUND id=29BFBF6976AD4E3E78731D806810DB4441688DF0622F96C2811AFA2DA0F1F41B (session reuse)

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read client hello A

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write server hello A

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 write finished A

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 flush data

[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 14 03 00 00 01                                   .....            |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 1/1 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 01                                               .                |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 00 00 38                                   ....8            |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:31:25 14914] [debug] OpenSSL: read 56/56 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 13 3a af b4 52 6a a1 f9-40 8b 29 2b 03 3f 36 f8  .:..Rj..@.)+.?6. |

| 0010: bc e0 2c 98 c1 ba 88 d8-db ff 43 5d 01 af 36 47  ..,.......C]..6G |

| 0020: 76 81 2d 1b b1 a9 b1 75-fb 1c b6 49 70 04 d5 30  v.-....u...Ip..0 |

| 0030: da fa cd a0 82 98 12 ae-                         ........         |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Loop: SSLv3 read finished A

[20/Jun/2002 13:31:25 14914] [trace] OpenSSL: Handshake: done


#############################FROM a JAVA client #######################################

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Handshake: start

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: before/accept initialization

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 11/11 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 01 00 5d 01 00 00-59 03 01                 ....]...Y..      |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 87/87 bytes from BIO#301A2CC8 [mem: 301AC733] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 3d 11 bd 7e 02 8f 4a 6d-a0 ca 8d 96 f8 45 bc b1  =..~..Jm.....E.. |

| 0010: 68 35 40 f5 de 70 1a 2b-b2 e4 bc 0a 00 90 d3 94  h5@..p.+........ |

| 0020: 20 85 e4 ff 82 ea 00 fb-fb 86 66 94 47 78 a4 98   .........f.Gx.. |

| 0030: 5d d4 5b e2 85 a1 b8 3a-ce 7c 0a 3e 25 85 27 92  ].[....:.|.>%.'. |

| 0040: 07 00 12 00 04 00 05 00-09 00 0a 00 03 00 08 00  ................ |

| 0050: 06 00 01 00 02 01                                ......           |

| 0057 - <SPACES/NULS>

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [trace] Inter-Process Session Cache: request=GET status=MISSED id=85E4FF82EA00FBFB8666944778A4985DD45BE285A1B83ACE7C0A3E2585279207 (session renewal)

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read client hello A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write server hello A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write certificate A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write server done A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 flush data

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 01 00 46                                   ....F            |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 70/70 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 10 00 00 42 00 40 36 5b-7b db 01 6a c6 dc 3f 3d  ...B.@6[{..j..?= |

| 0010: f8 a4 36 c4 1a 9a 48 91-da 6a 93 88 4f 8f 56 17  ..6...H..j..O.V. |

| 0020: d0 c1 2e ec 37 72 d1 af-2c 04 2b a0 e6 01 41 fd  ....7r..,.+...A. |

| 0030: d8 16 f5 4e e5 fc 47 66-01 61 2c 8e 87 ac 9f bb  ...N..Gf.a,..... |

| 0040: 38 fb 4a b2 02 53                                8.J..S           |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read client key exchange A

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 14 03 01 00 01                                   .....            |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 1/1 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 01                                               .                |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 5/5 bytes from BIO#301A2CC8 [mem: 301AC728] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 01                                         ...              |

| 0005 - <SPACES/NULS>

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [debug] OpenSSL: read 32/32 bytes from BIO#301A2CC8 [mem: 301AC72D] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: b7 af 39 95 65 14 be c0-55 e8 df 25 b9 fe 62 e2  ..9.e...U..%..b. |

| 0010: 80 eb 47 74 8b 74 cd 09-3d cf 1f a3 a7 85 2d 99  ..Gt.t..=.....-. |

+-------------------------------------------------------------------------+

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 read finished A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 write finished A

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Loop: SSLv3 flush data

[20/Jun/2002 13:30:38 10436] [trace] Inter-Process Session Cache: request=SET status=OK id=BAF123503A2978BE228BE6C2A7BE69CF58779AF1D98B1432175E0C745D6E3623 timeout=300s (session caching)

[20/Jun/2002 13:30:38 10436] [trace] OpenSSL: Handshake: done

################FROM a CGI client ##################################################

[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Handshake: start

[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: before/accept initialization

[20/Jun/2002 11:05:50 13532] [debug] OpenSSL: read 11/11 bytes from BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 80 6b 01 03 01 00 42                             .k....B          |

| 000b - <SPACES/NULS>

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:50 13532] [debug] OpenSSL: read 98/98 bytes from BIO#3017F2A8 [mem: 301C7F03] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 00 00 16 00 00 13 00 00-0a 00 00 07 00 00 05 00  ................ |

| 0010: 00 04 00 00 15 00 00 12-00 00 09 07 00 c0 05 00  ................ |

| 0020: 80 03 00 80 01 00 80 08-00 80 06 00 40 00 00 14  ............@... |

| 0030: 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02  ................ |

| 0040: 00 80 6d a5 18 58 b9 cd-c8 bd 02 1d 7e 20 20 6c  ..m..X......~  l |

| 0050: 46 2d ec 6b 71 ad 31 5a-fe f6 d9 19 8f ba 84 f3  F-.kq.1Z........ |

| 0060: 8b 9c                                            ..               |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 read client hello A

[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 write server hello A

[20/Jun/2002 11:05:50 13532] [trace] OpenSSL: Loop: SSLv3 write certificate A

[20/Jun/2002 11:05:50 13532] [trace] handing out temporary 1024 bit DH key

[20/Jun/2002 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 write key exchange A

[20/Jun/2002 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 write certificate request A

[20/Jun/2002 11:05:51 13532] [trace] OpenSSL: Loop: SSLv3 flush data

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 01 00 07                                   .....            |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 7/7 bytes from BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 0b 00 00 03                                      ....             |

| 0007 - <SPACES/NULS>

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Loop: SSLv3 read client certificate A

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 01 00 86                                   .....            |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 134/134 bytes from BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 10 00 00 82 00 80 86 ab-42 68 68 eb 1d b1 7c 97  ........Bhh...|. |

| 0010: 3d 0d da 91 a4 3d 5f f6-c7 6f 07 a9 9b 41 98 c4  =....=_..o...A.. |

| 0020: 20 88 89 99 32 4c 52 92-e1 9c 35 1b 19 84 18 b2   ...2LR...5..... |

| 0030: 7d ac b0 d2 08 05 51 16-bf 9d d8 d2 26 15 dc a3  }.....Q.....&... |

| 0040: a3 f8 ae fc fc 2b 9f 57-a2 6d f8 46 a3 08 4a 49  .....+.W.m.F..JI |

| 0050: dd 8d cd b6 2f a3 49 13-8b 11 86 d0 49 10 05 b6  ..../.I.....I... |

| 0060: 44 09 9f c0 1d 0d db 96-34 e2 f1 34 a3 e6 7a f5  D.......4..4..z. |

| 0070: 8e a7 31 60 62 0a 87 51-f4 87 a8 69 3c 2b 65 b8  ..1`b..Q...i<+e. |

| 0080: 9f bc 6e 16 2d f7                                ..n.-.           |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Loop: SSLv3 read client key exchange A

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 14 03 01 00 01                                   .....            |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 1/1 bytes from BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 01                                               .                |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 5/5 bytes from BIO#3017F2A8 [mem: 301C7EF8] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: 16 03 01 00 28                                   ....(            |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [debug] OpenSSL: read 40/40 bytes from BIO#3017F2A8 [mem: 301C7EFD] (BIO dump follows)

+-------------------------------------------------------------------------+

| 0000: db 7a 62 c2 e4 f9 08 b7-de 2a a7 c9 65 16 f0 97  .zb......*..e... |

| 0010: 66 9f 32 fc 10 ea 0d 02-49 9f 26 12 fe 2c 83 d1  f.2.....I.&..,.. |

| 0020: ef 66 40 32 5f cd d5 61-                         [EMAIL PROTECTED]         |

+-------------------------------------------------------------------------+

[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Write: SSLv3 read certificate verify A

[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Exit: error in SSLv3 read certificate verify A

[20/Jun/2002 11:05:52 13532] [trace] OpenSSL: Exit: error in SSLv3 read certificate verify A

[20/Jun/2002 11:05:52 13532] [error] SSL handshake failed (server www.test.web.creditagricol.fr:443, client 10.111.5.4) (OpenSSL library error follows)

[20/Jun/2002 11:05:52 13532] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

################################################################################################

Thanks in advance for your help.

Regards,

 

Pierre HURET

Mail: [EMAIL PROTECTED]
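
Added example (not part of the original message, and not mod_ssl code): a small Python reader for the `BIO dump` rows in the traces above that decodes the record header at the start of a read. It assumes the offset on a `<SPACES/NULS>` row is the total length of the read, which matches the `read N/N bytes` counts in these traces; `parse_dump` and `describe` are names made up for this example.

```python
import re

# Record-layer content types and protocol versions (SSL 3.0 / TLS 1.0).
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
VERSIONS = {(2, 0): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}
HEX_ROW = re.compile(r"^\|\s*[0-9a-f]{4}: ((?:[0-9a-f]{2}[ -])+)")
TRIMMED = re.compile(r"^\|\s*([0-9a-f]{4}) - <SPACES/NULS>")

# Rows copied from the three traces in the message above.
IE_HELLO = ["| 0000: 16 03 00 00 61 01 00 00-5d 03                    ....a...].       |",
            "| 000b - <SPACES/NULS>"]
CGI_HELLO = ["| 0000: 80 6b 01 03 01 00 42                             .k....B          |",
             "| 000b - <SPACES/NULS>"]
JAVA_FINISHED = ["| 0000: 16 03 01                                         ...              |",
                 "| 0005 - <SPACES/NULS>"]

def parse_dump(lines):
    """Return the dumped bytes; trailing bytes trimmed from the dump become None."""
    data = []
    for line in lines:
        row = HEX_ROW.match(line)
        if row:
            data += [int(h, 16) for h in re.findall(r"[0-9a-f]{2}", row.group(1))]
        trimmed = TRIMMED.match(line)
        if trimmed:
            # Assumption: the offset here is the total length read. The bytes
            # not shown were 0x20 or 0x00; the dump alone cannot say which,
            # so they are kept as None rather than guessed.
            data += [None] * (int(trimmed.group(1), 16) - len(data))
    return data

def describe(data):
    """Decode the start of a read as (kind, version, record length)."""
    if len(data) < 5 or data[0] is None:
        return ("unknown", None, None)
    if data[0] & 0x80 and data[2] == 1:
        # SSLv2 framing: high bit set, 15-bit length, message type 1
        # (CLIENT-HELLO), then the highest version the client offers.
        return ("sslv2_client_hello", VERSIONS.get((data[3], data[4])),
                ((data[0] & 0x7F) << 8) | data[1])
    length = None if None in data[3:5] else (data[3] << 8) | data[4]
    return (CONTENT_TYPES.get(data[0], "unknown"), VERSIONS.get((data[1], data[2])), length)

if __name__ == "__main__":
    for name, dump in [("IE 6", IE_HELLO), ("CGI", CGI_HELLO), ("Java", JAVA_FINISHED)]:
        print(name, describe(parse_dump(dump)))
```

A length of `None` means the length bytes were among the trimmed ones; the size of the next `read N/N bytes` line gives it (32 in the Java trace).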


