Mod-ssl and Apache

This is a multi-part message in MIME format.

------_=_NextPart_001_01C7F47F.4E3D277A
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

Not sure if these messages are getting through or not. I'm
having trouble with mod_ssl 2.0.55 and apache 2.0.55. The compile and
make goes fine, but when the server is running, and connections are made
via SSL, the child processes segfault. If mod_ssl is compiled into the
apache binary statically, the processes simple hang and build up until
the server can no longer handle the load. When compiled as a shared
module, the segfaults occur. Setting the loglevel to Debug results in
these errors:

=20

[Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established
(server ourserver.name.scrubbed:8040, client )

[Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy

[Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read
11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo

llows)

[Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459):
+----------------------------------------------------------- ------------

--+

[Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80 67
01 03 01 00 4e 00-00 00 10 .g....N.... =20

|

[Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490):
+----------------------------------------------------------- ------------

--+

[Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake
(server ourserver.name.scrubbed:8040, client )

[Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900
error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol

speaking not SSL to HTTPS port!?

[Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with
abortive shutdown(server ourserver.name.scrubbed:8040, scrubbed>)

=20

Thoughts anyone?

=20

-Aaron=20

=20


------_=_NextPart_001_01C7F47F.4E3D277A
Content-Type: text/html;
charset="US-ASCII"
Content-Transfer-Encoding: quoted-printable

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns=3D"http://www.w3.org/TR/REC-html40">


charset=3Dus-ascii">

Re: Mod-ssl and Apache

Considering this a mailing list for modssl 1.x not 2.x, which is part
of the apache distribution... you may need to seek help on the apache
mailing lists.

modssl 1.x =! modssl 2.x

On 9/11/07, Aaron Smith wrote:
>
>
>
>
> Not sure if these messages are getting through or not. I'm
> having trouble with mod_ssl 2.0.55 and apache 2.0.55. The compile and make
> goes fine, but when the server is running, and connections are made via SSL,
> the child processes segfault. If mod_ssl is compiled into the apache binary
> statically, the processes simple hang and build up until the server can no
> longer handle the load. When compiled as a shared module, the segfaults
> occur. Setting the loglevel to Debug results in these errors:
>
>
>
> [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established (server
> ourserver.name.scrubbed:8040, client )
>
> [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of entropy
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL: read
> 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo
>
> llows)
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459):
> +----------------------------------------------------------- ------------
>
> --+
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80 67 01
> 03 01 00 4e 00-00 00 10 .g....N....
>
> |
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490):
> +----------------------------------------------------------- ------------
>
> --+
>
> [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake (server
> ourserver.name.scrubbed:8040, client )
>
> [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> protocol
>
> speaking not SSL to HTTPS port!?
>
> [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with abortive
> shutdown(server ourserver.name.scrubbed:8040, )
>
>
>
> Thoughts anyone?
>
>
>
> -Aaron
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Mod-ssl and Apache

Oh! My apologies. I thought this was a mailing list for mod_ssl
independent of version.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Yvo van Doorn
Sent: Tuesday, September 11, 2007 12:19 PM
To: modssl-users@modssl.org
Subject: Re: Mod-ssl and Apache

Considering this a mailing list for modssl 1.x not 2.x, which is part
of the apache distribution... you may need to seek help on the apache
mailing lists.

modssl 1.x =3D! modssl 2.x

On 9/11/07, Aaron Smith wrote:
>
>
>
>
> Not sure if these messages are getting through or not.
I'm
> having trouble with mod_ssl 2.0.55 and apache 2.0.55. The compile and
make
> goes fine, but when the server is running, and connections are made
via SSL,
> the child processes segfault. If mod_ssl is compiled into the apache
binary
> statically, the processes simple hang and build up until the server
can no
> longer handle the load. When compiled as a shared module, the
segfaults
> occur. Setting the loglevel to Debug results in these errors:
>
>
>
> [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established
(server
> ourserver.name.scrubbed:8040, client )
>
> [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of
entropy
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL:
read
> 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo
>
> llows)
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459):
>
+----------------------------------------------------------- ------------
>
> --+
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80
67 01
> 03 01 00 4e 00-00 00 10 .g....N....
>
> |
>
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490):
>
+----------------------------------------------------------- ------------
>
> --+
>
> [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake
(server
> ourserver.name.scrubbed:8040, client )
>
> [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> protocol
>
> speaking not SSL to HTTPS port!?
>
> [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed with
abortive
> shutdown(server ourserver.name.scrubbed:8040, )
>
>
>
> Thoughts anyone?
>
>
>
> -Aaron
>
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod-ssl and Apache

On Tue, Sep 11, 2007 at 01:10:20PM -0400, Aaron Smith wrote:
> Oh! My apologies. I thought this was a mailing list for mod_ssl
> independent of version.
>
It has been used for both versions over time - this is pretty much the
first time anyone complained.

vh

Mads Toftum
--
http://soulfood.dk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod-ssl and Apache

On 9/11/07, Mads Toftum wrote:
> On Tue, Sep 11, 2007 at 01:10:20PM -0400, Aaron Smith wrote:
> > Oh! My apologies. I thought this was a mailing list for mod_ssl
> > independent of version.
> >
> It has been used for both versions over time - this is pretty much the
> first time anyone complained.
>
> vh
>
> Mads Toftum
> --
> http://soulfood.dk
> ____________________________________________________________ __________

Its not really complaining, more in that modssl.org and its downloads
are geared for apache 1.3.x not apache 2.x as they took incorporated
modssl into the source thus you can pretty much expect better support
for apache 2.x related modules, incl. modssl, on the apache mailing
lists.
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod-ssl and Apache

On Tue, Sep 11, 2007 at 02:50:10PM -0700, Yvo van Doorn wrote:
> Its not really complaining, more in that modssl.org and its downloads
> are geared for apache 1.3.x not apache 2.x as they took incorporated
> modssl into the source thus you can pretty much expect better support
> for apache 2.x related modules, incl. modssl, on the apache mailing
> lists.

We did actually create a list for modssl over at httpd.apache.org, but
so far there's been no valid traffic (note to self: put the list on
http://httpd.apache.org/lists.html or shut it down).

vh

Mads Toftum
--
http://soulfood.dk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: Mod-ssl and Apache

"Considering this a mailing list for modssl 1.x not 2.x"

That's b*****ks, the modssl.org site clearly has the latest version
stated as 2.8.30 and the only link for a users mailing list is this
one.

Perhaps you'd like to inform us which list is for which version?

--- Aaron Smith wrote:

>=20
>=20
> Oh! My apologies. I thought this was a mailing list for mod_ssl
> independent of version.
>=20
> -----Original Message-----
> From: owner-modssl-users@modssl.org
> [mailto:owner-modssl-users@modssl.org] On Behalf Of Yvo van Doorn
> Sent: Tuesday, September 11, 2007 12:19 PM
> To: modssl-users@modssl.org
> Subject: Re: Mod-ssl and Apache
>=20
> Considering this a mailing list for modssl 1.x not 2.x, which is
> part
> of the apache distribution... you may need to seek help on the
> apache
> mailing lists.
>=20
> modssl 1.x =3D! modssl 2.x
>=20
> On 9/11/07, Aaron Smith wrote:
> >
> >
> >
> >
> > Not sure if these messages are getting through or
> not.
> I'm
> > having trouble with mod_ssl 2.0.55 and apache 2.0.55. The
> compile and
> make
> > goes fine, but when the server is running, and connections are
> made
> via SSL,
> > the child processes segfault. If mod_ssl is compiled into the
> apache
> binary
> > statically, the processes simple hang and build up until the
> server
> can no
> > longer handle the load. When compiled as a shared module, the
> segfaults
> > occur. Setting the loglevel to Debug results in these errors:
> >
> >
> >
> > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2
> established
> (server
> > ourserver.name.scrubbed:8040, client )
> >
> > [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of
> entropy
> >
> > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512):
> OpenSSL:
> read
> > 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo
> >
> > llows)
> >
> > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459):
> >
>
+----------------------------------------------------------- ------------
> >
> > --+
> >
> > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000:
> 80
> 67 01
> > 03 01 00 4e 00-00 00 10 .g....N....
> >
> > |
> >
> > [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1490):
> >
>
+----------------------------------------------------------- ------------
> >
> > --+
> >
> > [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in
> handshake
> (server
> > ourserver.name.scrubbed:8040, client )
> >
> > [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900
> > error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown
> > protocol
> >
> > speaking not SSL to HTTPS port!?
> >
> > [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 closed
> with
> abortive
> > shutdown(server ourserver.name.scrubbed:8040, > scrubbed>)
> >
> >
> >
> > Thoughts anyone?
> >
> >
> >
> > -Aaron
> >
> >
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) =20
> www.modssl.org
> User Support Mailing List =20
> modssl-users@modssl.org
> Automated List Manager =20
> majordomo@modssl.org
>
____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) =20
> www.modssl.org
> User Support Mailing List =20
> modssl-users@modssl.org
> Automated List Manager =20
> majordomo@modssl.org
>=20



___________________________________________________________= 20
Want ideas for reducing your carbon footprint? Visit Yahoo! For Good htt=
p://uk.promotions.yahoo.com/forgood/environment.html
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: Mod-ssl and Apache

On Wed, Sep 12, 2007 at 09:55:52AM +0100, Glyn Astill wrote:
> "Considering this a mailing list for modssl 1.x not 2.x"
>
mod_ssl _for httpd 1.3_ not _modssl for httpd 2.x_. With httpd 2.x,
modssl is integrated and doesn't need an external patch. That being
said, I've seen quite a bit of httpd 2.x related modssl talk here and
not heard many complaints.

vh

Mads Toftum
--
http://soulfood.dk
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org