Quantcast

[users@httpd] SSL ERRORS

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[users@httpd] SSL ERRORS

Andres Morey
Hi All,

If you turn on your LogLevel to info you will see the following errors  
in your apache log:

(70007)The timeout specified has expired: SSL input filter read failed.
SSL library error 1 in handshake
SSL Library Error: 336027900 error:140760FC:SSL  
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to  
HTTPS port!?
Connection closed to child 9 with abortive shutdown

This is extremely worrying. Does anybody know how to fix these SSL  
errors?

Thanks,
Andres


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [hidden email]
   "   from the digest: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [users@httpd] SSL ERRORS

Eric Covener
On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey <[hidden email]> wrote:

> Hi All,
>
> If you turn on your LogLevel to info you will see the following errors in
> your apache log:
>
> (70007)The timeout specified has expired: SSL input filter read failed.
> SSL library error 1 in handshake
> SSL Library Error: 336027900 error:140760FC:SSL
> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
> port!?
> Connection closed to child 9 with abortive shutdown
>
> This is extremely worrying. Does anybody know how to fix these SSL errors?

Your connecting a to a HTTP port with HTTPS.   It's probably just your
config -- maybe you have <virtualhsot *> and need *:80 and *:443?

A quick check is to connect to port 443 with HTTP and see if you get a response.

--
Eric Covener
[hidden email]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [hidden email]
   "   from the digest: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [users@httpd] SSL ERRORS

Andres Morey
I don't think the problem is talking to port 443 with HTTP. Here's the apache response when I access http://localhost:443/:


Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


This is the error I am getting after every request:
(70007)The timeout specified has expired: SSL input filter read failed.

and these are the errors I get after a graceful restart:
SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?

If possible, could you set your LogLevel to info to see if you are seeing these errors as well? I have noticed these errors with Apache 2.2.11 on linux and on OS X. I'm attaching my apache config file to this email.

Thanks for helping me debug this!

-Andres



Listen 80
Listen 443

LoadModule ssl_module  modules/mod_ssl.so

ServerName example
ServerAdmin [hidden email]
ServerRoot "/usr/local/apache2"
ServerSignature Off
ServerTokens Prod

DocumentRoot "/usr/local/apache2/htdocs"

LogLevel info
ErrorLog logs/error_log

Timeout 300
KeepAlive on
MaxKeepAliveRequests 100
KeepAliveTimeout 15

MinSpareServers 8
MaxSpareServers 16
MaxClients 256
MaxRequestsPerChild 100000

DefaultType text/plain
FileETag none
AllowEncodedSlashes On


<IfModule !mpm_netware_module>
User daemon
Group daemon
</IfModule>


SSLSessionCache        "shmcb:/usr/local/apache2/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0


NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
    SSLEngine off

    <Directory />
        Options FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
    </Directory>

    <Directory /usr/local/apache2/htdocs>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /usr/local/apache2/conf/sslcerts/_.example.crt
    SSLCertificateKeyFile /usr/local/apache2/conf/sslcerts/_.example.key
    SSLCertificateChainFile /usr/local/apache2/conf/sslcerts/gd_bundle.crt

    <Directory />
        Options FollowSymLinks
        AllowOverride None
Order deny,allow
        Deny from all
    </Directory>

    <Directory /usr/local/apache2/htdocs>
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>


<IfModule mime_module>
    TypesConfig conf/mime.types
    AddType application/x-compress .Z
    AddType application/x-gzip .gz .tgz
</IfModule>





On Mar 4, 2009, at 9:55 AM, Eric Covener wrote:

On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey <[hidden email]> wrote:
Hi All,

If you turn on your LogLevel to info you will see the following errors in
your apache log:

(70007)The timeout specified has expired: SSL input filter read failed.
SSL library error 1 in handshake
SSL Library Error: 336027900 error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
port!?
Connection closed to child 9 with abortive shutdown

This is extremely worrying. Does anybody know how to fix these SSL errors?

Your connecting a to a HTTP port with HTTPS.   It's probably just your
config -- maybe you have <virtualhsot *> and need *:80 and *:443?

A quick check is to connect to port 443 with HTTP and see if you get a response.

--
Eric Covener
[hidden email]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [hidden email]
  "   from the digest: [hidden email]
For additional commands, e-mail: [hidden email]


Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [users@httpd] SSL ERRORS

Andres Morey
In reply to this post by Andres Morey
The problem isn't talking to port 443 with HTTP because accessing http://localhost:443/ gives me a "Bad Request" error.

This is the error I am getting after every request:

(70007)The timeout specified has expired: SSL input filter read failed.

and these are the errors I get after a graceful restart:

SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?

If possible, could you set your LogLevel to info to see if you are seeing these errors as well? I have noticed these errors with Apache 2.2.11 on linux and on OS X. I'm attaching my apache config file to this email.

Thanks for helping me debug this!

-Andres





On Mar 4, 2009, at 9:55 AM, Eric Covener wrote:
On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey <[hidden email]> wrote:
Hi All,

If you turn on your LogLevel to info you will see the following errors in
your apache log:

(70007)The timeout specified has expired: SSL input filter read failed.
SSL library error 1 in handshake
SSL Library Error: 336027900 error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS
port!?
Connection closed to child 9 with abortive shutdown

This is extremely worrying. Does anybody know how to fix these SSL errors?

Your connecting a to a HTTP port with HTTPS.   It's probably just your
config -- maybe you have <virtualhsot *> and need *:80 and *:443?

A quick check is to connect to port 443 with HTTP and see if you get a response.

-- 
Eric Covener
[hidden email]

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: [hidden email]
  "   from the digest: [hidden email]
For additional commands, e-mail: [hidden email]


httpd.conf (1K) Download Attachment
Loading...