DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND· INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=29744 ------- Additional Comments From apache@nagilum.org 2006-03-20 20:58 ------- Ok, back to the subject, the good news first, s_client can connect through the proxy, no patch needed, but ONLY with ssl2! Then I tried sslwrap: (sslwrap -nocert -state -bugs -debug -ssl2 -port 443 -addr 10.1.1.1 -accept 2001) which yielded: SSL_accept:before/accept initialization SSL_accept:error in SSLv2 read client hello B ERROR 2411:error:140EC0AF:SSL routines:SSL2_READ_INTERNAL:non sslv2 initial packet:/cakebox/src/secure/lib/libssl/../../../crypto/openssl/ssl/s2_pkt.c:187: or similary for ssl3: SSL_accept:before/accept initialization SSL_accept:error in SSLv3 read client hello B ERROR 2416:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/cakebox/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:297: I also tried stunnel3: (stunnel3 -f -D 7 -c -d 2001 -r ns:443) 2006.03.20 21:35:12 LOG6[2378:134633472]: SSL connected: previous session reused 2006.03.20 21:35:17 LOG7[2378:134633472]: SSL alert (write): fatal: handshake failure 2006.03.20 21:35:17 LOG3[2378:134633472]: SSL_read: 1408F10B: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number 2006.03.20 21:35:17 LOG5[2378:134633472]: Connection reset: 44 bytes sent to SSL, 0 bytes sent to socket 2006.03.20 21:35:17 LOG7[2378:134633472]: stunnel3 finished (0 left) and finally s_client: (openssl s_client -connect cakebox:443 -tls1 -bugs -state -debug) fter sucessfully conting, requesting the tunnel aborts with: SSL3 alert write:fatal:protocol version 2431:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/cakebox/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:286: write to 0808D700 [080B4000] (37 bytes => 37 (0x25)) 0000 - 15 54 54 00 20 01 6e f3-14 fc bb f8 fc 4b 1e 3e .TT. .n......K.> 0010 - 7e 73 89 3a cb 3e f0 d2-43 e2 45 01 9b 12 88 dc ~s.:.>..C.E..... 0020 - ff 3e 90 5a ed .>.Z. SSL3 alert write:warning:close notify and very similar with ssl3: (openssl s_client -connect cakebox:443 -ssl3 -bugs -state -debug) SSL3 alert write:fatal:handshake failure 2451:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:/cakebox/src/secure/lib/libssl/../../../crypto/openssl/ssl/s3_pkt.c:286: write to 0808D700 [080B4000] (37 bytes => 37 (0x25)) 0000 - 15 54 54 00 20 14 70 c4-f8 7e b4 9d bc 18 5b a2 .TT. .p..~....[. 0010 - a4 66 33 43 7b 89 00 b8-75 25 7f 92 8e 8e 0a 64 .f3C{...u%.....d 0020 - b7 03 f3 46 80 ...F. SSL3 alert write:warning:close notify All of this was tested against Apache2.0.55 (FreeBSD) PHP/4.4.2 mod_ssl/2.0.55 running FreeBSD 6.1-PRERELEASE on the server and the client. OpenSSL 0.9.7e-p1 25 Oct 2004 was installed on both systems. I also applied the patch for 2.0.52 which still applies just fine on 2.0.55, but the behaviour didnt change. I hope this helps. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org For additional commands, e-mail: bugs-help@httpd.apache.org