SSL not working with apache

SSL not working with apache

am 02.09.2004 18:20:45 von Philip Lavine

I can not get ssl to work:

Here are my specs:

/usr/sbin/httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
/usr/sbin/httpd -v

Server version: Apache/2.0.40
Server built: Apr 21 2004 11:49:03

OpenSSL> version
OpenSSL 0.9.7a Feb 19 2003
OpenSSL>


[root@ahotep2 init.d]# openssl s_client -connect family.lavines.com:443
-state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080AED40 [080AFD10] (142 bytes =3D> 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c...
...9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0
8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00
...3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00
..............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40
b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00
...e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 fd 9f
.................
0070 - 96 57 a8 0a 82 6f d4 9b-bd 12 2f 0b 81 c9 df cc
..W...o..../.....
0080 - 01 f4 4c b0 26 2b 5b 67-63 2a 9a 17 c1 a4 ..L.&+[gc*....
SSL_connect:SSLv2/v3 write client hello A
read from 080AED40 [080B5270] (7 bytes =3D> 7 (0x7))
0000 - 0a 3c 3f 78 6d 6c . 0007 -
SSL_connect:error in SSLv2/v3 read server hello A
25921:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:

Philip Lavine

Network Engineer

UNX, Inc.

Member NASD/SIPC

philip@unx.com

v: (818) 333-3387 f: (818) 559-5586

175 East Olive Ave, 2nd Floor

Burbank, CA 91502

********************************************************

The information contained in this communication is intended only for the
personal and confidential use of the designated recipients to which it
is addressed. This communication may contain information that is
privileged, confidential or otherwise protected from disclosure. If the
reader of this message is not the designated recipient, you are hereby
notified that you have received this communication in error, and that
any review, dissemination, retention, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please notify us by telephone at (818)333-3300
or by e-mail and discard any paper copies and/or delete all electronic
files of this communication.


____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSL not working with apache

am 02.09.2004 21:42:34 von Mads Toftum

On Thu, Sep 02, 2004 at 09:20:45AM -0700, Philip Lavine wrote:
[SNIP]
> SSL_connect:SSLv2/v3 write client hello A
> read from 080AED40 [080B5270] (7 bytes => 7 (0x7))
> 0000 - 0a 3c 3f 78 6d 6c . ^^^^^

You certainly shouldn't see that if the connection was encrypted -
you probably forgot SSLEngine on in your virtual host.

vh

Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

RE: SSL not working with apache

am 02.09.2004 21:54:49 von Philip Lavine

I wish it was that easy, however I do have that statement in my ssl.conf
virtual host directives.

-----Original Message-----
From: owner-modssl-users@modssl.org
[mailto:owner-modssl-users@modssl.org] On Behalf Of Mads Toftum
Sent: Thursday, September 02, 2004 12:43 PM
To: modssl-users@modssl.org
Subject: Re: SSL not working with apache

On Thu, Sep 02, 2004 at 09:20:45AM -0700, Philip Lavine wrote:
[SNIP]
> SSL_connect:SSLv2/v3 write client hello A
> read from 080AED40 [080B5270] (7 bytes =3D> 7 (0x7))
> 0000 - 0a 3c 3f 78 6d 6c . ^^^^^

You certainly shouldn't see that if the connection was encrypted -
you probably forgot SSLEngine on in your virtual host.

vh

Mads Toftum
--=20
`Darn it, who spiked my coffee with water?!' - lwall

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org