httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Zac Stevens <...@cryptocracy.com>
Subject Re: [users@httpd] Problems with SSL All of a Sudden
Date Sat, 24 May 2003 23:53:11 GMT
On Sat, May 24, 2003 at 12:21:11PM -0400, Daniel R. Blair wrote:
> HTTP/1.1 400 Bad Request
> Date: Sat, 24 May 2003 18:25:43 GMT
> Server: Apache/2.0.43 (Unix) mod_ssl/2.0.43 OpenSSL/0.9.6b mod_jk/1.2.0
> PHP/4.2.

While it isn't directly the cause of the error, the fact that you're
running old versions of Apache and OpenSSL is a concern.  There have been
several security fixes to httpd since 2.0.43, and a large number of serious
security problems fixed since OpenSSL 0.9.6b.  It would be worth upgrading
at this point - and who knows, it might magically fix the problem :)

One thing I thought was odd is that your SSL virtualhost is defined on a
specific IP address, while netstat showed the binding on 0.0.0.0:443.  I
suspect that you have "Listen 443" elsewhere in your config?  

In any event, the error generated by using non-SSL on the SSL port seems
appropriate and comes from Apache.  That being the case, you may be
experiencing a more esoteric mod_ssl-specific error.  Is there another user
list for the mod_ssl which ships with Apache 2?  I'm not too sure...

You should probably also try bumping up your SSLLogLevel to 'info' or
perhaps 'trace' to see what is happening during an attempted SSL
connection.  Make sure when testing in this manner that you try at least a
couple of different browsers.

Cheers,


Zac


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message