| View previous topic :: View next topic |
| Author |
Message |
hardkaare
n00b
Joined: 07 Nov 2003
Posts: 37
Location: denmark
|
 Posted: Fri Jun 24, 2005 10:33 am Post subject: Apache2 ssl, getting error 12281 in browser. |
 |
|
Hi
I have a problem with apache and ssl, I can't access my ssl sites anymore.
everytime I try i get the 12281 error in my browser.
It happned after I have runned etc-update and installed jboss, and restarted apache2.
I have uninstalled jboss, and looked in my config files, but they seems to ok.
I can see that apache is listning on 443, with netstat -nat, and I can also telnet to it, but if I execute a get command it gives me the code from the first ssl vhost in the list.
I have also tryed to recompile apache2 and openssl, and make new certs, with no luck.
the only error I can produce is this one:
| Code: |
openssl s_client -connect emailweb.dk:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080B17C0 [080B1808] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 8e bf ................
0070 - 52 a9 5d f4 da cf 32 ef-42 ce d2 dd 3c bc e7 a8 R.]...2.B...<...
0080 - 6b 64 b4 61 b0 35 ad 61-44 3a 8d c4 de f9 kd.a.5.aD:....
SSL_connect:SSLv2/v3 write client hello A
read from 080B17C0 [080B6D68] (7 bytes => 7 (0x7))
0000 - 3c 21 44 4f 43 54 59 <!DOCTY
SSL_connect:error in SSLv2/v3 read server hello A
12314:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:478:
|
App versions:
| Code: | [ebuild R ] net-www/apache-2.0.54-r7 +berkdb -debug -doc +gdbm +ipv6 -ldap +ssl -static -threads 0 kB
[ebuild R ] dev-libs/openssl-0.9.7e-r1 -bindist -debug -emacs -test 0 kB
[ebuild R ] dev-php/php-4.3.11 -X +berkdb +crypt -curl -debug -doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm -gmp -hardenedphp +imap -informix +ipv6 +java* +jpeg -kerberos -ldap -mcal -memlimit -mssql +mysql +ncurses +nls -oci8 -odbc +pam +pdflib +png -postgres -qt +readline -snmp +spell +ssl +tiff +truetype +xml2 -yaz 0 kB
[ebuild R ] dev-php/mod_php-4.3.11 -X +apache2 +berkdb +crypt -curl -debug -doc -fdftk -firebird -flash -freetds +gd -gd-external +gdbm -gmp -hardenedphp +imap -informix +ipv6 +java* +jpeg -kerberos -ldap -mcal -memlimit -mssql +mysql +nls -oci8 -odbc +pam +pdflib +png -postgres -qt -snmp +spell +ssl +tiff +truetype +xml2 -yaz 0 kB |
Hope someone can help.
Best Regards.
Kaare
[/code] |
|
| Back to top |
|
 |
tuxmin
l33t
Joined: 24 Apr 2004
Posts: 838
Location: Heidelberg
|
| Posted: Sun Jun 26, 2005 6:28 am Post subject: |
|
|
I'd say although your apache listens on port 443 it does not speak https on this port.
If you telnet to a https port the first thing you should see is the SSL handshake protocol. You shouldn't get anything human readable when typing GET!
Edit: Do you have "-D SSL" in you /etc/conf.d/apache2?
Hth, Alex!!!
_________________
ALT-F4 |
|
| Back to top |
|
|
drax_
n00b
Joined: 18 Mar 2005
Posts: 32
Location: France
|
| Posted: Sun Jun 26, 2005 1:33 pm Post subject: |
|
|
As tuxmin said, make sure the SSL stuff is loaded. Look at your /server-info (if you set it up). And the vhost has SSLEngine on, etc.....
What does /var/log/apach.... have to say about this when you request a page? |
|
| Back to top |
|
|
hardkaare
n00b
Joined: 07 Nov 2003
Posts: 37
Location: denmark
|
| Posted: Sun Jun 26, 2005 7:26 pm Post subject: |
|
|
HI and thx for the anwsers.
Loks like all vhosts need SSLEngine on, now
Before I could just se the default 443 vhost with SSLEngine one, hmm
So know im putting SSLEngine on in every 443 <virtualhost>
I was told that in apache 2.1 and newver you can just do i like this listen ip:443 https
Thx for helping me out. |
|
| Back to top |
|
|
|
Networking & Security
