httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Toomas Aas <>
Subject [users@httpd] Firefox SSL handshake error after Apache upgrade
Date Wed, 07 Oct 2009 19:34:54 GMT

I'm using Apache 2.2 with mod_ssl. Under the DocumentRoot of my SSL 
virtual host there is a subdirectory which requires client certificates. 
It has such .htaccess file:

------ .htaccess ------
SSLVerifyClient Require
SSLVerifyDepth 3
<FilesMatch "\.(shtml|php)$">
         SSLOptions +StdEnvVars +ExportCertData
------ .htaccess ------

This has been working for couple of years. Two weeks ago I upgraded Apache 
from 2.2.9 to 2.2.13. After that, Firefox users visiting this directory 
started to get this error page:

SSL peer was not expecting a handshake message it received.

(Error code: ssl_error_handshake_unexpected_alert)

When they click "Try again", the error condition clears and expected page 
is displayed.

MSIE did not show this behaviour, but when I tried with Firefox 3.0 and 
3.5 they both behave the same.

The error message in Apache log is:

[error] [client] Re-negotiation handshake failed: Not accepted 
by client!?

Since I didn't know what to do, I copied the section of httpd-ssl.conf 
which is meant to accommodate MSIE and modified it for Firefox:

BrowserMatch ".*Firefox.*" \
          nokeepalive ssl-unclean-shutdown \
          downgrade-1.0 force-response-1.0

That made the error go away. I could stop here and be satisfied with that, 
but I'm really curious about why this started happening, and most 
importantly, of course, who is guilty, Firefox or Apache ;) Or, if this is 
a case of PEBKAC, perhaps someone can point out what I'm doing wrong.


... When an agnostic dies, does he go to the "great perhaps"?

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message