httpd-users mailing list archives

From IT Professional <zhilia...@yahoo.com.sg>
Subject [users@httpd] Handshake Failure
Date Wed, 01 Nov 2006 10:37:26 GMT
Apache and OpenSSL version information:
Apache 2.2.3
OpenSSL 0.9.9-dev
Build Apache with OpenSSL:
perl Configure VC-WIN32 --prefix=D:/wwww/Apache22/bin
ms\do_nasm
nmake -f ms\ntdll.mak
perl util\mkdef.pl
Remove /WX in ntdll.mak
Install OpenSSL
nmake -f ms\ntdll.mak install
Compile Apache22 using Visual Express C++ Express Edition
Apache log:
[Wed Nov 01 17:48:45 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Nov 01 17:48:46 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Nov 01 17:48:48 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Nov 01 17:48:48 2006] [info] Init: Initializing (virtual) servers for SSL
[Wed Nov 01 17:48:48 2006] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.9-dev
[Wed Nov 01 17:48:48 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Nov 01 17:48:49 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Nov 01 17:48:51 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Nov 01 17:48:51 2006] [info] Shared memory session cache initialised
[Wed Nov 01 17:48:51 2006] [info] Init: Initializing (virtual) servers for SSL
[Wed Nov 01 17:48:51 2006] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.9-dev
[Wed Nov 01 17:48:51 2006] [notice] Apache/2.2.3 (Win32) mod_ssl/2.2.3 OpenSSL/0.9.9-dev configured -- resuming normal operations
[Wed Nov 01 17:48:51 2006] [notice] Server built: Oct 26 2006 14:54:56
[Wed Nov 01 17:48:51 2006] [notice] Parent: Created child process 2188
[Wed Nov 01 17:48:51 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Nov 01 17:48:51 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Nov 01 17:48:53 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Nov 01 17:48:53 2006] [info] Init: Initializing (virtual) servers for SSL
[Wed Nov 01 17:48:53 2006] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.9-dev
[Wed Nov 01 17:48:53 2006] [info] Init: Seeding PRNG with 144 bytes of entropy
[Wed Nov 01 17:48:54 2006] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Wed Nov 01 17:48:55 2006] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Wed Nov 01 17:48:55 2006] [info] Shared memory session cache initialised
[Wed Nov 01 17:48:55 2006] [info] Init: Initializing (virtual) servers for SSL
[Wed Nov 01 17:48:55 2006] [info] Server: Apache/2.2.3, Interface: mod_ssl/2.2.3, Library: OpenSSL/0.9.9-dev
[Wed Nov 01 17:48:56 2006] [notice] Child 2188: Child process is running
[Wed Nov 01 17:48:56 2006] [info] Parent: Duplicating socket 232 and sending it to child process 2188
[Wed Nov 01 17:48:56 2006] [info] Parent: Duplicating socket 228 and sending it to child process 2188
[Wed Nov 01 17:48:56 2006] [notice] Child 2188: Acquired the start mutex.
[Wed Nov 01 17:48:56 2006] [notice] Child 2188: Starting 250 worker threads.
[Wed Nov 01 17:48:56 2006] [notice] Child 2188: Starting thread to listen on port 443.
[Wed Nov 01 17:48:56 2006] [notice] Child 2188: Starting thread to listen on port 80.
Error Log:
[Wed Nov 01 17:48:46 2006] [info] Loading certificate & private key of SSL-aware server
[Wed Nov 01 17:48:48 2006] [info] Configuring server for SSL protocol
[Wed Nov 01 17:48:49 2006] [info] Loading certificate & private key of SSL-aware server
[Wed Nov 01 17:48:51 2006] [info] Configuring server for SSL protocol
[Wed Nov 01 17:48:51 2006] [info] Loading certificate & private key of SSL-aware server
[Wed Nov 01 17:48:53 2006] [info] Configuring server for SSL protocol
[Wed Nov 01 17:48:54 2006] [info] Loading certificate & private key of SSL-aware server
[Wed Nov 01 17:48:55 2006] [info] Configuring server for SSL protocol
====================================================================================================================
Problem:
Tried using Firefox to browse the site hosted by the SSL-aware Apache server and was unsuccessful.
Error: 'Firefox can't connect securely to localhost because the site uses a security protocol which isn't enabled.'
Using about:config, I've verified that SSL3 is enabled on Firefox.
Also, Firefox was able to connect to openssl s_server (openssl s_server -cert secp521.crt -key secp521.key -www),
verifying that Firefox is able to connect to an ECC-enabled site.
I then tried with openssl s_client -connect localhost:443 -debug -state
Output from:
Loading 'screen' into random state - done
CONNECTED(000002C8)
SSL_connect:before/connect initialization
write to 0x8ed0b8 [0x8ed828] (190 bytes => 190 (0xBE))
0000 - 80 bc 01 03 01 00 93 00-00 00 20 00 c0 14 00 c0   .......... .....
0010 - 0a 00 00 39 00 00 38 00-00 88 00 00 87 00 c0 0f   ...9..8.........
0020 - 00 c0 05 00 00 35 00 00-84 00 c0 12 00 c0 08 00   .....5..........
0030 - 00 16 00 00 13 00 c0 0d-00 c0 03 00 00 0a 07 00   ................
0040 - c0 00 c0 13 00 c0 09 00-00 33 00 00 32 00 00 45   .........3..2..E
0050 - 00 00 44 00 c0 0e 00 c0-04 00 00 2f 00 00 41 00   ..D......../..A.
0060 - 00 07 05 00 80 03 00 80-00 c0 11 00 c0 07 00 c0   ................
0070 - 0c 00 c0 02 00 00 05 00-00 04 01 00 80 00 00 15   ................
0080 - 00 00 12 00 00 09 06 00-40 00 00 14 00 00 11 00   ........@.......
0090 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 c0 37   ...............7
00a0 - 14 71 30 d5 7e 94 f2 4d-87 61 93 ff db 52 06 fa   .q0.~..M.a...R..
00b0 - 31 e5 67 e3 42 05 9a b9-04 3a fe cb 3d 95         1.g.B....:..=.
SSL_connect:SSLv2/v3 write client hello A
read from 0x8ed0b8 [0x8f2d88] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28                              ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
2668:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:.\ssl\s23_clnt.c:609:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 190 bytes
---
New, (NONE), Cipher is (NONE)
Compression: NONE
Expansion: NONE

I'm totally puzzled why the handshake failed. Any advice is greatly appreciated.

Thanks in advance!
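
The two messages in the s_client -debug dump above can be decoded field by field; the following Python script is an added example, not part of the original post, that parses the 190-byte SSLv2-format ClientHello and the 7-byte alert record the server sent back. The function names are illustrative, and the 0xC001-0xC019 range used to mark ECC suites is the block RFC 4492 assigns to them.

```python
import struct

# ClientHello (190 bytes) and server reply (7 bytes), copied from the post's hexdump.
CLIENT_HELLO = bytes.fromhex(
    "80bc0103 01009300 00002000 c01400c0" "0a000039 00003800 00880000 8700c00f"
    "00c00500 00350000 8400c012 00c00800" "00160000 1300c00d 00c00300 000a0700"
    "c000c013 00c00900 00330000 32000045" "00004400 c00e00c0 0400002f 00004100"
    "00070500 80030080 00c01100 c00700c0" "0c00c002 00000500 00040100 80000015"
    "00001200 00090600 40000014 00001100" "00080000 06040080 00000302 0080c037"
    "147130d5 7e94f24d 876193ff db5206fa" "31e567e3 42059ab9 043afecb 3d95")
SERVER_REPLY = bytes.fromhex("15 03 01 00 02 02 28")

ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      40: "handshake_failure", 70: "protocol_version"}

def parse_v2_client_hello(buf):
    """Parse an SSLv2-format ClientHello (2-byte header with the high bit set)."""
    rec_len = struct.unpack(">H", buf[:2])[0] & 0x7FFF
    if not buf[0] & 0x80 or rec_len != len(buf) - 2 or buf[2] != 1:
        raise ValueError("not a complete SSLv2-format ClientHello")
    major, minor, spec_len, sid_len, chal_len = struct.unpack(">BBHHH", buf[3:11])
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != rec_len:
        raise ValueError("inconsistent length fields")
    offer = {"version": (major, minor), "ecc": [], "other": [], "sslv2": []}
    for i in range(11, 11 + spec_len, 3):
        spec = buf[i:i + 3]
        suite = int.from_bytes(spec[1:], "big")
        # A leading 0x00 marks a two-byte SSLv3/TLS suite; anything else is SSLv2-only.
        kind = "sslv2" if spec[0] else "ecc" if 0xC001 <= suite <= 0xC019 else "other"
        offer[kind].append(spec.hex())
    return offer

def parse_alert_record(buf):
    """Parse a single unencrypted TLS alert record: 5-byte header, level, description."""
    ctype, major, minor, length = struct.unpack(">BBBH", buf[:5])
    if ctype != 21 or length != 2 or len(buf) != 7:
        raise ValueError("not a plain 2-byte alert record")
    return ((major, minor), ALERT_LEVELS.get(buf[5], buf[5]),
            ALERT_DESCRIPTIONS.get(buf[6], buf[6]))

if __name__ == "__main__":
    offer = parse_v2_client_hello(CLIENT_HELLO)
    print("client offers version", offer["version"],
          {k: len(v) for k, v in offer.items() if k != "version"})
    print("server answered", parse_alert_record(SERVER_REPLY))
```

The client's offer includes ECC suites alongside RSA/DH and SSLv2 ones, and the server's only reply is a fatal handshake_failure alert, which the TLS specification defines as the sender being unable to negotiate an acceptable set of security parameters from the options offered.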


	

	
		