httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From <Jackie.W...@barclayscapital.com>
Subject [users@httpd] ssl_error_handshake_unexpected_alert with firefox
Date Mon, 20 Sep 2010 16:34:35 GMT
Hi,

I am running apache 2.2.15 with openssl 0.9.8k. I have a site configured to authenticate with
user certs. The problem is that when I assess the site with firefox 3.6.9, it works fine,
but when I assess it with 3.6.2 or older versions of firefox, it doesn't work. In the browser,
the following error message is shown:

SSL peer was not expecting a handshake message it received.
(Error code: ssl_error_handshake_unexpected_alert)

At the beginning of the log, I see this:

[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client
hello A
[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server
hello A
[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write certificate
A
[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1274): [client 10.125.236.119] handing
out temporary 1024 bit DH key
[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write key
exchange A
[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server
done A
[Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data

And at the end of the log, I see this:

[Mon Sep 20 11:20:58 2010] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client
key exchange A
[Mon Sep 20 11:20:58 2010] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3
read client key exchange A
[Mon Sep 20 11:20:58 2010] [error] [client 10.125.236.119] Re-negotiation handshake failed:
Not accepted by client!?


Note that the "handing out temporary 1024 bit DH key" line does not exist in the log when
I am using firefox 3.6.9. I have also tested it with IE6 and IE8. All work fine and the "handing
out temporary ..." line is not in the log. I suspect this is what is causing the issue.

Can someone please advise?

Thanks.

Regards,
Jackie


_______________________________________________

This e-mail may contain information that is confidential, privileged or otherwise protected
from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or
redistribute it by any means. Please delete it and any attachments and notify the sender that
you have received it in error. Unless specifically indicated, this e-mail is not an offer
to buy or sell or a solicitation to buy or sell any securities, investment products or other
financial product or service, an official confirmation of any transaction, or an official
statement of Barclays. Any views or opinions presented are solely those of the author and
do not necessarily represent those of Barclays. This e-mail is subject to terms available
at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent
to the foregoing.  Barclays Capital is the investment banking division of Barclays Bank PLC,
a company registered in England (number 1026167) with its registered office at 1 Churchill
Place, London, E14 5HP.  This email may relate to or be sent from other members of the Barclays
Group.
_______________________________________________

Mime
View raw message