FreeBSD SSL_Connect drama

on 15.07.2002 02:35:33 by Glen Vallance

Hi,

This problem doesn't sound like it should be that uncommon, but I can't find
any information on it.

Environment: FreeBSD 4.4, Apache 1.3.24, Mod SSL 2.8.8-1.3.24 [the right
one?]
Behaviour: "You cannot connect to sol.gropep.com.au because of an unknown
SSL error [-12281]"

Looking at the situation with openssl s_client I get:

sol# openssl s_client -connect sol.gropep.com.au:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0808D4C0 [0809E000] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 66 47 70 ab ............fGp.
0060 - 9a 01 13 69 a4 cb 78 16-98 f8 35 5e 7b 24 7a d0 ...i..x...5^{$z.
0070 - a7 fa 83 48 6a bf 36 32-a3 3e 3f 8d ...Hj.62.>?.
SSL_connect:SSLv2/v3 write client hello A
read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7))
0000 - 0d 0a 0d 0a 3c 21 44 ....
SSL_connect:error in SSLv2/v3 read server hello A
36827:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_clnt.c:462:


Something is wrong with the configuration?


Thanks,


Glen
_____________________________
Glen Vallance
Evolved Web Solutions Pty Ltd

glen@evolved.com.au
http://www.evolved.com.au/

Phone +61 8 8363 0616
Fax +61 8 8132 1497

_____________________________


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: FreeBSD SSL_Connect drama

on 15.07.2002 09:44:16 by Lutz Jaenicke

On Mon, Jul 15, 2002 at 10:05:33AM +0930, Glen Vallance wrote:
> This problem doesn't sound like it should be that uncommon, but I can't find
> any information on it.

Once you have seen the solution, you will find that the mailing list is full
of problems like these.

> read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7))
> 0000 - 0d 0a 0d 0a 3c 21 44 ....
> SSL_connect:error in SSLv2/v3 read server hello A
> 36827:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/crypto/../ssl/s23_clnt.c:462:
>
> Something is wrong with the configuration?

Yes.

0d 0a 0d 0a 3c 21 44

carriage return
linefeed
carriage return
linefeed

is the start of a plain HTTP answer. Your server doesn't have SSL active
on port 443. Check your configuration.
Lutz
--
Lutz Jaenicke Lutz.Jaenicke@aet.TU-Cottbus.DE
http://www.aet.TU-Cottbus.DE/personen/jaenicke/
BTU Cottbus, Allgemeine Elektrotechnik
Universitaetsplatz 3-4, D-03044 Cottbus
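
The check described in the reply above, reading the first reply bytes out of the `openssl s_client -debug` dump and deciding whether an SSL/TLS endpoint or a plain HTTP server answered, as an added Python example that is not part of the original thread. The function names and result labels are illustrative assumptions, and the sample input is constructed from the seven bytes quoted in the thread.

```python
import re

# Constructed sample: the first "read from" block of `openssl s_client -debug`
# output, using the seven bytes quoted in the thread.
SAMPLE_DEBUG = """\
SSL_connect:SSLv2/v3 write client hello A
read from 0808D4C0 [080A4000] (7 bytes => 7 (0x7))
0000 - 0d 0a 0d 0a 3c 21 44                              ....
SSL_connect:error in SSLv2/v3 read server hello A
"""

READ_HDR = re.compile(r"^read from .*=> (-?\d+) ")
HEX_LINE = re.compile(r"^[0-9a-f]{4} - ((?:[0-9a-f]{2}[ -]?){1,16})", re.I)


def first_read_bytes(debug_text):
    """Return the bytes of the first 'read from' dump in the debug output."""
    data, wanted = bytearray(), None
    for line in debug_text.splitlines():
        hdr = READ_HDR.match(line)
        if hdr and wanted is None:
            wanted = max(int(hdr.group(1)), 0)   # -1 means the read failed
        elif wanted is not None:
            row = HEX_LINE.match(line)
            if not row:
                break                            # dump finished
            data += bytes.fromhex(row.group(1).replace("-", " "))
    # Trust the byte count from the header, not the width of the hex column.
    return bytes(data[:wanted or 0])


def classify(data):
    """Guess what answered, from the first bytes of the reply."""
    if len(data) >= 3:
        # SSLv3/TLS record: content type 0x14-0x17, then major version 3.
        if data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03:
            return "tls-alert" if data[0] == 0x15 else "tls-record"
        # SSLv2 record: 2-byte length with the high bit set, then message type.
        if data[0] & 0x80 and data[2] in (1, 4):
            return "sslv2-client-hello" if data[2] == 1 else "sslv2-server-hello"
    # Anything that looks like text after leading CR/LF is an unencrypted reply.
    text = data.lstrip(b"\r\n")
    if text.startswith((b"HTTP/", b"<")):
        return "plain-http"
    return "unknown"
```

A `plain-http` result on port 443 means the listener on that port is answering without SSL enabled, which is what produces the `unknown protocol` error on the client side.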

Re: FreeBSD SSL_Connect drama

on 15.07.2002 12:48:27 by Andrew Smart

Since I solved this problem for my site last night, I can give you a hint:

My SSL virtual server definition contained the name of the domain in it,
just like my other virtual servers.
For some reason I don't understand right now, this seems to confuse
Apache.
After I changed the SSL virtual server-definition to explicitly have the
IP-address of the server instead of the domain/server-name it worked fine.

Hope this helps,
Andrew

