
help with apache 2.0.40 + mod_ssl unknown protocol error

 
achana chan
Ranch Hand
Posts: 277
Hiya.
I have apache 2.0.40 + mod_ssl talking OpenSSL with client browsers.
Things "seem" to work fine; client browsers such as MSIE5 and Netscape6.2 present a logon dialogue box and present the certificate.
But when I test openssl with:
[ssl]# openssl s_client -connect localhost:443 -state -debug
I get the following "error":
CONNECTED(00000003)
write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c ............\.||
0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16 `.*......."c'...
0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef .h..3CW..^..
read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460:
I have looked at the source code and done some googling on the Net; it seems to be a fairly common problem that has to do with "fine-tuning" httpd.conf, especially where vhosts are concerned. No specifics though.
Does anyone know more about it and how to approach this problem ???
Is it something I need to be concerned about ??? It doesn't seem to compromise the encryption and transmission !!!
Some
 
Antony Miguel
Greenhorn
Posts: 1
I had this problem setting up Apache with SSL behind a DSL router.

I saw the same question in lots of places but couldn't find any answers on the web so I thought it would be useful to post one somewhere.

The problem was with my VirtualHost settings. My certificate was set up to have the common name be the external IP address of my router e.g. 81.150.201.107 and my VirtualHost looked like:

<VirtualHost 81.150.201.107:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>

So it seemed to be ok. However, when I tried to access it I got the error above. In the end I had to add another VirtualHost entry which used the same certificate but specified the LAN IP address of the machine. So now my VirtualHost looked like:

<VirtualHost 81.150.201.107:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>
<VirtualHost 192.168.1.100:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>

where 81.150.201.107 was the external IP address of my router and 192.168.1.100 was the LAN IP address of the machine with the Apache server on it (which the router was forwarding port 443 to).

A Miguel
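
Added example (not part of either post): the 7 bytes in the "read from" block of the s_client output above (3c 21 44 4f 43 54 59, "<!DOCTY") are the start of an HTML document rather than an SSL/TLS record, meaning whatever answered on port 443 spoke plain HTTP. The script below pulls the first server reply out of `openssl s_client -debug` output and classifies it; the function names `first_read` and `classify` are made up for this illustration.

```python
import re

# Header and hex-row formats of `openssl s_client -debug` output.
HDR = re.compile(r"^(read from|write to) \S+ \[\S+\] \(\d+ bytes => (-?\d+)")
ROW = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]?){1,16})")
TLS_TYPES = {20, 21, 22, 23}  # change_cipher_spec, alert, handshake, app data
HTTP_PREFIXES = (b"HTTP/", b"<!DOC", b"<HTML", b"<?XML")

def first_read(debug_output: str) -> bytes:
    """Return the bytes of the first 'read from' block (the server's first reply)."""
    want, buf = None, bytearray()
    for line in map(str.strip, debug_output.splitlines()):
        hdr, row = HDR.match(line), ROW.match(line)
        if hdr:
            if want is not None:
                break                      # next block: first read is complete
            if hdr.group(1) == "read from":
                want = max(int(hdr.group(2)), 0)
        elif row and want is not None:
            buf += bytes.fromhex(row.group(1).replace("-", " "))
    return bytes(buf[:want])               # trim anything parsed from the ASCII column

def classify(data: bytes) -> str:
    if not data:
        return "empty"                     # peer closed or sent nothing
    # SSLv3/TLS record: content type, major version 3, minor version 0-4
    if len(data) >= 3 and data[0] in TLS_TYPES and data[1] == 3 and data[2] <= 4:
        return "tls"
    # SSLv2 record: high bit set in the length header, message type 4 = SERVER-HELLO
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 4:
        return "sslv2"
    if data[:5].upper() in HTTP_PREFIXES:
        return "plaintext-http"            # port 443 answered without SSL
    return "unknown"

# Excerpt of the output quoted in the first post (write block shortened to one row).
SAMPLE = """\
CONNECTED(00000003)
write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
"""

if __name__ == "__main__":
    reply = first_read(SAMPLE)
    print(reply, "->", classify(reply))
```

A "plaintext-http" result for a given address and port means the listener that handled that connection did not have SSL switched on, which is the condition the extra VirtualHost block with SSLEngine On addresses.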
 