Hi, I am running apache 2.2.15 with openssl 0.9.8k. I have a site configured to authenticate with user certs. The problem is that when I assess the site with firefox 3.6.9, it works fine, but when I assess it with 3.6.2 or older versions of firefox, it doesn't work. In the browser, the following error message is shown:
SSL peer was not expecting a handshake message it received. (Error code: ssl_error_handshake_unexpected_alert) At the beginning of the log, I see this: [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client hello A [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server hello A [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write certificate A [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1274): [client 10.125.236.119] handing out temporary 1024 bit DH key [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write key exchange A [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server done A [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data And at the end of the log, I see this: [Mon Sep 20 11:20:58 2010] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client key exchange A [Mon Sep 20 11:20:58 2010] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client key exchange A [Mon Sep 20 11:20:58 2010] [error] [client 10.125.236.119] Re-negotiation handshake failed: Not accepted by client!? Note that the "handing out temporary 1024 bit DH key" line does not exist in the log when I am using firefox 3.6.9. I have also tested it with IE6 and IE8. All work fine and the "handing out temporary ..." line is not in the log. I suspect this is what is causing the issue. Can someone please advise? Thanks. Regards, Jackie _______________________________________________ This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing. Barclays Capital is the investment banking division of Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP. This email may relate to or be sent from other members of the Barclays Group. _______________________________________________
