httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Andres Morey <and...@octopart.com>
Subject Re: [users@httpd] SSL ERRORS
Date Wed, 04 Mar 2009 18:25:11 GMT
I don't think the problem is talking to port 443 with HTTP. Here's the  
apache response when I access http://localhost:443/:


Bad Request

Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.


This is the error I am getting after every request:
(70007)The timeout specified has expired: SSL input filter read failed.

and these are the errors I get after a graceful restart:
SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML  
error page
SSL Library Error: 336027804 error:1407609C:SSL  
routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS  
port!?

If possible, could you set your LogLevel to info to see if you are  
seeing these errors as well? I have noticed these errors with Apache  
2.2.11 on linux and on OS X. I'm attaching my apache config file to  
this email.

Thanks for helping me debug this!

-Andres



Listen 80
Listen 443

LoadModule ssl_module  modules/mod_ssl.so

ServerName example
ServerAdmin admin@example.com
ServerRoot "/usr/local/apache2"
ServerSignature Off
ServerTokens Prod

DocumentRoot "/usr/local/apache2/htdocs"

LogLevel info
ErrorLog logs/error_log

Timeout 300
KeepAlive on
MaxKeepAliveRequests 100
KeepAliveTimeout 15

MinSpareServers 8
MaxSpareServers 16
MaxClients 256
MaxRequestsPerChild 100000

DefaultType text/plain
FileETag none
AllowEncodedSlashes On


<IfModule !mpm_netware_module>
User daemon
Group daemon
</IfModule>


SSLSessionCache        "shmcb:/usr/local/apache2/logs/ 
ssl_scache(512000)"
SSLSessionCacheTimeout  300
BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0  
force-response-1.0


NameVirtualHost *:80
NameVirtualHost *:443

<VirtualHost *:80>
     SSLEngine off

     <Directory />
         Options FollowSymLinks
         AllowOverride None
         Order deny,allow
         Deny from all
     </Directory>

     <Directory /usr/local/apache2/htdocs>
         Order allow,deny
         Allow from all
     </Directory>
</VirtualHost>

<VirtualHost *:443>
     SSLEngine on
     SSLCertificateFile /usr/local/apache2/conf/sslcerts/_.example.crt
     SSLCertificateKeyFile /usr/local/apache2/conf/sslcerts/ 
_.example.key
     SSLCertificateChainFile /usr/local/apache2/conf/sslcerts/ 
gd_bundle.crt

     <Directory />
         Options FollowSymLinks
         AllowOverride None
	Order deny,allow
         Deny from all
     </Directory>

     <Directory /usr/local/apache2/htdocs>
         Order allow,deny
         Allow from all
     </Directory>
</VirtualHost>


<IfModule mime_module>
     TypesConfig conf/mime.types
     AddType application/x-compress .Z
     AddType application/x-gzip .gz .tgz
</IfModule>






On Mar 4, 2009, at 9:55 AM, Eric Covener wrote:

> On Wed, Mar 4, 2009 at 9:41 AM, Andres Morey <andres@octopart.com>  
> wrote:
>> Hi All,
>>
>> If you turn on your LogLevel to info you will see the following  
>> errors in
>> your apache log:
>>
>> (70007)The timeout specified has expired: SSL input filter read  
>> failed.
>> SSL library error 1 in handshake
>> SSL Library Error: 336027900 error:140760FC:SSL
>> routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL  
>> to HTTPS
>> port!?
>> Connection closed to child 9 with abortive shutdown
>>
>> This is extremely worrying. Does anybody know how to fix these SSL  
>> errors?
>
> Your connecting a to a HTTP port with HTTPS.   It's probably just your
> config -- maybe you have <virtualhsot *> and need *:80 and *:443?
>
> A quick check is to connect to port 443 with HTTP and see if you get  
> a response.
>
> -- 
> Eric Covener
> covener@gmail.com
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server  
> Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


Mime
View raw message