Here is what I got when I put the loglevel to debug in httpd.conf
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1866): OpenSSL:
Handshake: start
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1874): OpenSSL:
Loop: before/accept initialization
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 16
03 00 00 2d 01 00 00-29 03                    ....-...).       |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0011 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL:
read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830):
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 4f
66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43  Off..].=M......C |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0010: 3e
16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f  >...{....`Z..F.. |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0020: 00
00 02 00 04 01                                ......           |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0039 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875):
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL:
Write: SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL:
Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [info] [client] SSL library error
1 in handshake (server
[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761
error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too
restrictive SSLCipherSuite or using DSA server certificate?
[Mon Mar 19 06:51:12 2012] [info] [client] Connection closed
to child 2 with abortive shutdown (server
quite strange, openssl s_client command can pass the SSL handshake while
this java application cannot.

openssl version is 0.9.8u

Welcome any inputs!


On Fri, Mar 16, 2012 at 1:50 AM, Mark Montague <> wrote:
> On March 15, 2012 13:31 , Aubrey Li <> wrote:
>> Thanks for your reply. here is the output of httpd -V. [...]
>>  -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
>>  -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
>>  -D DEFAULT_PIDLOG="logs/"
>>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>  -D DEFAULT_ERRORLOG="logs/error_log"
>>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a
>>>> client
>>>> to create a connection to httpd but received a handshake failure report.
>>>> [...]
>>>> When I connect the client to the server(RHEL6.2), there is no
>>>> access_log, no err_log,
>>>> nothing added in /var/log/messages, it's very weird.
> So you are saying that you have a file at
> /export/bench/benchmarks/apache2/conf/httpd.conf that contains all of the
> correct directives to configure SSL, logging, and appropriate virtual hosts?
> And you are saying that no logs are appearing at
> /export/bench/benchmarks/apache2/logs/error_log nor at the location that you
> specify in your ErrorLog directive in
> /export/bench/benchmarks/apache2/conf/httpd.conf ?
> In this case, what user are you starting httpd as?  What are the values for
> the User and Group directives in
> /export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and group
> have write access to the place you are telling this version of httpd to
> write its error logs?
> Is this system running any Mandatory Access Control system such as SELinux,
> AppArmor, Tomoyo, or grsecurity that could be interferring with what this
> version of httpd is trying to do or where it is trying to do it?   If so,
> then check the log files for the Mandatory Access Control system that you
> are running to find out what the problem is.
> Hopefully other people on this list will have additional, and better,
> suggestions of things to check.
> --
>  Mark Montague

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to