httpd-users mailing list archives

From Peter Rose
Subject [users@httpd] Fwd: secure connection works with ssl2 but not ssl3/tls
Date Thu, 28 Apr 2005 08:49:19 GMT

>I have been struggling with this problem for a while now, hopefully 
>someone here can point me in the right direction:

It seems to be an openssl problem rather than an apache problem, but I 
haven't had any response from that list so maybe someone here has 
experienced the same problem. Here it is:

>I have compiled openssl-0.9.6g on RedHat 8.0 and it passes make test and 
>installs OK.
>I then compiled and installed Apache-SSL 1.3.29+BenSSL-1.53, but https 
>connections only work if the browser is set to SSL2 only.
>I can't see anything wrong with the Apache configuration, so tested as 
>follows with the following results:
>openssl s_client -ssl3 -connect
>26858:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake 
>or, in debug mode I get the hex of the certificate displayed, it seems to 
>read all the fields but then ends with
>read from 0816CB80 [08172138] (5 bytes => 0 (0x0))
>25427:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake 
>I also get the following message written to the Apache error log when 
>attempting ssl3/tls connections:
>apache_ssl.c(298): error:1408C095:SSL routines:SSL3_GET_FINISHED:digest 
>check failed
>apache_ssl.c(2042): CIPHER is AES256-SHA
>apache_ssl.c(294): SSL_accept returned 0
>however, openssl s_client -ssl2 -connect connects 
>fine, reads the certificate and establishes the https connection.
>I am using self-signed certs for testing and have re-generated them 
>several times in case of error, but always with the same result.
>On an older server running RedHat 6.2 and Apache-SSL 1.3.12, 
>OpenSSL-0.9.5d, I have had no problems for four years.
>I have spent ages trawling the internet for this problem but have not 
>found a definitive solution.
>Guidance appreciated.
>Peter Rose
>London UK

I don't like your fashion business, mister -
   Leonard Cohen / First We Take Manhattan

The official User-To-User support forum of the Apache HTTP Server Project.