help with apache 2.0.40 + mod_ssl unknown protocol error

achana chan
Ranch Hand

Joined: Jul 29, 2002
Posts: 277
Hiya.
I have apache 2.0.40 + mod_ssl talking OpenSSL with client browsers.
Things "seem" to work fine: client browsers such as MSIE5 and Netscape6.2 present a logon dialogue box and present the certificate.
But when I test openssl with:
[ssl]# openssl s_client -connect localhost:443 -state -debug
I get the following "error":
CONNECTED(00000003)
write to 0809D018 [0809D060] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 5c ec 7c 7c ............\.||
0060 - 60 b1 2a 84 93 cf ba f5-87 dc 22 63 27 83 c7 16 `.*......."c'...
0070 - f0 68 eb 8b 33 43 57 05-e8 5e a1 ef .h..3CW..^..
read from 0809D018 [080A25C0] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
1565:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:460:
I have looked at the source code and done some googling on the Net; it seems to be a fairly common problem and has to do with "fine-tuning" httpd.conf, esp. where vhosts are concerned. No specifics though.
Does anyone know more about it and how to approach this problem???
Is it something I need to be concerned about??? It doesn't seem to compromise the encryption and transmission!!!
Some


humanum errare est.
Antony Miguel
Greenhorn

Joined: Aug 19, 2004
Posts: 1
I had this problem setting up Apache with SSL behind a DSL router.

I saw the same question in lots of places but couldn't find any answers on the web so I thought it would be useful to post one somewhere.

The problem was with my VirtualHost settings. My certificate was set up to have the common name be the external IP address of my router e.g. 81.150.201.107 and my VirtualHost looked like:

<VirtualHost 81.150.201.107:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>

So it seemed to be ok. However, when I tried to access it I got the error above. In the end I had to add another VirtualHost entry which used the same certificate but specified the LAN IP address of the machine. So now my VirtualHost looked like:

<VirtualHost 81.150.201.107:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>
<VirtualHost 192.168.1.100:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>

where 81.150.201.107 was the external IP address of my router and 192.168.1.100 was the LAN IP address of the machine with the Apache server on it (which the router was forwarding port 443 to).

A Miguel
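
Added example, not part of either post: a Python check that ties the two posts together. The 7 bytes read back in the first post (3c 21 44 4f 43 54 59) are the text "<!DOCTY", which means the server answered the ClientHello in plain HTTP; the second post's fix works because a forwarded connection arrives at the LAN address, so that address needs an SSL-enabled VirtualHost. The function names are hypothetical, and vhost matching is simplified to exact IP, `*` or `_default_` (an assumption; Apache's full precedence rules are not modelled).

```python
import re

# Constructed sample configs built from the VirtualHost blocks in the post above.
VHOST = """<VirtualHost {addr}:443>
SSLEngine On
SSLCertificateFile conf/ssl/MYHOST.cert
SSLCertificateKeyFile conf/ssl/MYHOST.key
</VirtualHost>
"""
CONF_BEFORE = VHOST.format(addr="81.150.201.107")
CONF_AFTER = CONF_BEFORE + VHOST.format(addr="192.168.1.100")

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.I | re.S)

def ssl_vhost_addrs(conf):
    """Return the (ip, port) pairs of every VirtualHost that has SSLEngine On."""
    addrs = set()
    for spec, body in VHOST_RE.findall(conf):
        if not re.search(r"^\s*SSLEngine\s+on\s*$", body, re.I | re.M):
            continue  # a vhost without SSLEngine On answers in plain HTTP
        for item in spec.split():
            ip, sep, port = item.rpartition(":")
            addrs.add((ip, port) if sep else (item, "*"))
    return addrs

def tls_served_on(conf, local_ip, port):
    """True if a connection arriving at local_ip:port reaches an SSL vhost."""
    # Simplified matching (assumption): exact IP or a wildcard address.
    return any(ip in (local_ip, "*", "_default_") and p in (str(port), "*")
               for ip, p in ssl_vhost_addrs(conf))

def classify_first_bytes(data):
    """Classify the first bytes a server sends in reply to a ClientHello."""
    if len(data) >= 2 and data[1] == 0x03 and data[0] in (0x15, 0x16):
        return "tls-alert" if data[0] == 0x15 else "tls-handshake"
    if data[:1] == b"<" or data[:5] == b"HTTP/":
        return "plaintext-http"  # the cause of "unknown protocol" in s_client
    return "unknown"

if __name__ == "__main__":
    reply = bytes.fromhex("3c21444f435459")  # the 7 bytes from the first post
    print("server reply:", classify_first_bytes(reply))
    # The router forwards port 443 to the LAN address, so that is the local IP.
    for name, conf in (("before", CONF_BEFORE), ("after", CONF_AFTER)):
        print(name, "-> TLS on 192.168.1.100:443:",
              tls_served_on(conf, "192.168.1.100", 443))
```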
 