Hello!
I'm using Apache 2.2 with mod_ssl. Under the DocumentRoot of my SSL
virtual host there is a subdirectory which requires client certificates.
It has such .htaccess file:
------ .htaccess ------
SSLVerifyClient Require
SSLVerifyDepth 3
<FilesMatch "\.(shtml|php)$">
SSLOptions +StdEnvVars +ExportCertData
</FilesMatch>
------ .htaccess ------
This has been working for couple of years. Two weeks ago I upgraded Apache
from 2.2.9 to 2.2.13. After that, Firefox users visiting this directory
started to get this error page:
SSL peer was not expecting a handshake message it received.
(Error code: ssl_error_handshake_unexpected_alert)
When they click "Try again", the error condition clears and expected page
is displayed.
MSIE did not show this behaviour, but when I tried with Firefox 3.0 and
3.5 they both behave the same.
The error message in Apache log is:
[error] [client 12.34.56.78] Re-negotiation handshake failed: Not accepted
by client!?
Since I didn't know what to do, I copied the section of httpd-ssl.conf
which is meant to accommodate MSIE and modified it for Firefox:
BrowserMatch ".*Firefox.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
That made the error go away. I could stop here and be satisfied with that,
but I'm really curious about why this started happening, and most
importantly, of course, who is guilty, Firefox or Apache ;) Or, if this is
a case of PEBKAC, perhaps someone can point out what I'm doing wrong.
--
Toomas
... When an agnostic dies, does he go to the "great perhaps"?
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
" from the digest: users-digest-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
