help with apache 2.0.40 + mod_ssl unknown protocol error

achana chan
Ranch Hand

Joined: Jul 29, 2002
Posts: 277
Hiya.
I have apache 2.0.40 + mod_ssl talking OpenSSL with client browsers.
Things "seem" to work fine, client browsers such as MSIE5 and Netscape6.2 present a logon dialogue box and present the certificate.
But when I test openssl with :
[ssl]# openssl s_client -connect localhost:443 -state -debug
I get the following "error" :
CONNECTED(00000003)
write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c ............\.||
0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16 `.*......."c'...
0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef .h..3CW..^..
read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460:
I have looked at the source code and done some googling on the Net, seems a fairly common problem and has to do with "fine-tuning" httpd.conf, esp. where vhosts are concerned. No specifics though.
Does anyone know more about it and how to approach this problem ???
Is it something I need to be concerned about ??? It doesn't seem to compromise the encryption and transmission !!!
Some


humanum errare est.
Antony Miguel
Greenhorn

Joined: Aug 19, 2004
Posts: 1
I had this problem setting up Apache with SSL behind a DSL router.

I saw the same question in lots of places but couldn't find any answers on the web so I thought it would be useful to post one somewhere.

The problem was with my VirtualHost settings. My certificate was set up to have the common name be the external IP address of my router e.g. 81.150.201.107 and my VirtualHost looked like:

<VirtualHost 81.150.201.107:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>

So it seemed to be ok. However, when I tried to access it I got the error above. In the end I had to add another VirtualHost entry which used the same certificate but specified the LAN IP address of the machine. So now my VirtualHost looked like:

<VirtualHost 81.150.201.107:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>
<VirtualHost 192.168.1.100:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>

where 81.150.201.107 was the external IP address of my router and 192.168.1.100 was the LAN IP address of the machine with the Apache server on it (which the router was forwarding port 443 to).

A Miguel
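
An added example, not part of either post: in the s_client trace above the server's first bytes are `<!DOCTY`, plain HTML rather than a TLS record, so this Python sketch sends a minimal ClientHello to an address and classifies the reply. The function names are hypothetical, and the address list in `__main__` is an assumption built from the addresses mentioned in the thread.

```python
import os
import socket
import struct

def client_hello() -> bytes:
    """Build a minimal TLS 1.2 ClientHello without extensions, enough to elicit a reply."""
    suites = struct.pack("!3H", 0x002F, 0x0035, 0xC02F)   # a few common cipher suites
    body = (b"\x03\x03" + os.urandom(32) + b"\x00"         # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                                 # null compression only
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes a listener sends back after a ClientHello."""
    if not data:
        return "no-data"
    # TLS record header: content type 0x16 (handshake) or 0x15 (alert), then major version 3.
    if len(data) >= 3 and data[0] in (0x15, 0x16) and data[1] == 0x03:
        return "tls"
    # Plain HTTP listener: a status line or an HTML error page, as in the trace above.
    if data[:8].upper().startswith((b"HTTP/", b"<!DOCTY", b"<HTML")):
        return "plaintext-http"
    return "unknown"

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect, send the ClientHello, and classify whatever comes back first."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello())
        try:
            return classify_first_bytes(s.recv(16))
        except OSError:          # timeout or reset before any reply
            return "no-data"

if __name__ == "__main__":
    # Assumed address list: loopback plus the LAN address from the post above.
    # Replace with every address Apache is listening on for port 443.
    for addr in ("127.0.0.1", "192.168.1.100"):
        try:
            print(addr, probe(addr))
        except OSError as exc:
            print(addr, "connect failed:", exc)
```

An address that reports `plaintext-http` on port 443 is being served by a virtual host without `SSLEngine On`, which is the mismatch the second VirtualHost block above corrects.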
 