Following latest upgrade apache-2.2.14_5 ssl failure

Philip M. Gollucci pgollucci at p6m7g8.com
Fri Jan 22 21:29:01 UTC 2010


David Southwell wrote:
> Can anyone please advise
I take 1 shot in the dark at what you're asking since you didn't say --

> private key - pass phrase requested
You used SSLPassPhraseDialog, right?

> permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:
> +EXP:+eNULL]
Yeah that's bad, you should be more strict
### SSL (PCI-compliant)
SSLEngine  On
SSLProxyEngine on

SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP


> [xxx.xxx.xxx.xxx]
kind of pointless if you leave the servername in below
> [Fri Jan 22 10:38:17 2010] [info] www.vizion2000.net:443 reusing existing RSA 

> [Fri Jan 22 10:38:20 2010] [notice] Apache/2.2.14 (FreeBSD) mod_ssl/2.2.14 
> OpenSSL/0.9.8l DAV/2 PHP/5.2.12 with Suhosin-Patch mod_python/3.3.1 
> Python/2.6.4 mod_ruby/1.3.0 Ruby/1.8.7(2009-12-24) SVN/1.6.6 configured -- 
Yeah, that's a non-optimal setup but hey.

> [Fri Jan 22 10:39:33 2010] [info] server seems busy, (you may need to increase 
> StartServers, or Min/MaxSpareServers), spawning 8 children, there are 2 idle, 
> and 12 total children
You'll definitely want to change your mpm settings to fix that

> [Fri Jan 22 10:39:35 2010] [info] [client ::1] SSL library error 1 in 
> handshake (server www.vizion2000.net:443)
> [Fri Jan 22 10:39:35 2010] [info] SSL Library Error: 336027900 
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking 
> not SSL to HTTPS port!?
You'll want to use https on https servers and http on http servers.
Check your httpd.conf for the LoadModule stuff and SSLEngine directives 
and be sure they are in the right scopes.


Nothing here that's not a local httpd.conf setup issue. You might get 
better help on users at httpd.apache.org with help with the specifics of 
these issues.


-- 
------------------------------------------------------------------------
1024D/DB9B8C1C B90B FBC3 A3A1 C71A 8E70  3F8C 75B8 8FFB DB9B 8C1C
Philip M. Gollucci (pgollucci at p6m7g8.com) c: 703.336.9354
VP Apache Infrastructure; Member, Apache Software Foundation
Committer,                        FreeBSD Foundation
Consultant,                       P6M7G8 Inc.
Sr. System Admin,                 Ridecharge Inc.

Work like you don't need the money,
love like you'll never get hurt,
and dance like nobody's watching.
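
Added example (not part of the original post, and not Apache or OpenSSL code): a simplified, class-level reading of the two SSLCipherSuite strings in this thread, following OpenSSL's documented operators, where `+` only reorders suites already selected, `-` removes, `!` removes permanently, and `ALL` leaves out eNULL. The function names and the sample config are constructed; overlaps between classes, DEFAULT and per-suite detail are assumptions left unmodelled.

```python
import re

# Weak classes tracked as independent labels (an assumption of this sketch).
CLASSES = {"LOW", "EXP", "SSLv2", "ADH", "eNULL"}
ALIAS = {"EXPORT": "EXP", "NULL": "eNULL", "aNULL": "ADH"}
SUBSET = {"EXPORT40": "EXP", "EXPORT56": "EXP"}  # removing a subset leaves the class
IN_ALL = CLASSES - {"eNULL"}                     # ALL never selects eNULL

def weak_classes_enabled(spec):
    """Return the weak classes still selected after applying a cipher string."""
    enabled, killed = set(), set()
    for token in filter(None, re.split(r"[:, ]+", spec)):
        op = token[0] if token[0] in "!-+" else ""
        name = token[len(op):]
        cls = ALIAS.get(name, name)
        if name == "ALL":
            if op == "":
                enabled |= IN_ALL - killed
            elif op != "+":
                enabled.clear()
                killed |= CLASSES if op == "!" else set()
            continue
        whole = cls in CLASSES
        if op == "":                      # bare token: add unless killed earlier
            target = cls if whole else SUBSET.get(name)
            if target and target not in killed:
                enabled.add(target)
        elif whole and op in "!-":        # "+" falls through: reorder only
            enabled.discard(cls)
            if op == "!":
                killed.add(cls)
    return sorted(enabled)

def audit_conf(text):
    """Return (line number, weak classes) for each SSLCipherSuite directive."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = re.match(r"\s*SSLCipherSuite\s+(\S+)", line, re.I)
        if m:
            findings.append((lineno, weak_classes_enabled(m.group(1))))
    return findings

# Constructed sample: line 3 is the string quoted in the thread,
# line 4 is the string suggested in the reply.
SAMPLE_CONF = """\
# vhost A
# vhost B follows
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
"""

if __name__ == "__main__":
    for lineno, weak in audit_conf(SAMPLE_CONF):
        print(lineno, weak or "no weak classes selected")
```

On a host, `openssl ciphers -v '<string>'` lists the exact suites the installed OpenSSL selects for a given string, which is the authoritative check.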

