httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Pavol Eisenberg <pavol.eisenb...@gmail.com>
Subject Re: [users@httpd] [Mon Oct 10 03:22:04.996806 2016] [ssl:info] [pid 30422:tid 140074806683968] SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
Date Mon, 10 Oct 2016 08:35:53 GMT
Hello Mohammad

I was facing simmilar issue, seems like mod_ssl need to be compiled with
openssl 1.0.x or install system maintainer version (in my case it was
1.0.9h then recompile openssl and use --with-ssl=<yourpathtossllib>  when
compiling apache. Also you should disable SSL2 support when compilling
openssl (

./config --prefix=/usr enable-shared -no-ssl2 )


The list of protocols available can later be limited using the
  SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the
  SSL_CTX_set_options() or SSL_set_options() functions.

*Using these
  options it is possible to choose e.g. SSLv23_server_method() and be
  able to negotiate with all possible clients, but to only allow newer
  protocols like SSLv3 or TLSv1.*



*hope this help*



*best regards *


*Pavol*



On Mon, Oct 10, 2016 at 9:54 AM, noor mahammad <mahammad4noor@gmail.com>
wrote:

> hi team,
>
> When i enabled the mod_ssl modules, i seeing following information and i
> am unable to get access the application installed on Apache-2.4.23
>
> [Mon Oct 10 03:22:07.742398 2016] [ssl:info] [pid 30422:tid
> 140074756327744] (os 0x02914968)Unrecognized resolver error: [client
> 10.249.121.5:39231] AH02008: SSL library error 1 in handshake
> [Mon Oct 10 03:22:07.742417 2016] [ssl:info] [pid 30422:tid
> 140074756327744] SSL Library Error: error:1408F10B:SSL
> routines:SSL3_GET_RECORD:wrong version number
>
> Graceful restart of the apache server is success, with the following logs,
> [Mon Oct 10 03:19:12.040636 2016] [ssl:warn] [pid 2950:tid
> 140074970879792] AH01917: Init: Name-based SSL virtual hosts require an
> OpenSSL version with support for TLS extensions (RFC 6066 - Server Name
> Indication / SNI), but the currently used library version (OpenSSL
> 0.9.8e-fips-rhel5 01 Jul 2008) is lacking this feature
> [Mon Oct 10 03:19:12.040672 2016] [ssl:info] [pid 2950:tid
> 140074970879792] AH01876: mod_ssl/2.4.23 compiled against Server:
> Apache/2.4.23, Library: OpenSSL/0.9.8e-rhel5
> [Mon Oct 10 03:19:12.040723 2016] [weblogic:notice] [pid 2950:tid
> 140074970879792] WebLogic Server Plugin version 12.2.1.1.0
> <WLSPLUGINS_12.2.1.1.0_LINUX.X64_160606.1845>
> [Mon Oct 10 03:19:12.040750 2016] [weblogic:info] [pid 2950:tid
> 140074970879792] mod_weblogic: init_mod: mpm is threaded.
> [Mon Oct 10 03:19:12.144633 2016] [mpm_worker:notice] [pid 2950:tid
> 140074970879792] AH00292: Apache/2.4.23 (Unix) mod_jk/1.2.37
> OpenSSL/0.9.8e-fips-rhel5 Taleo Web Server 8 configured -- resuming normal
> operations
> [Mon Oct 10 03:19:12.144666 2016] [mpm_worker:info] [pid 2950:tid
> 140074970879792] AH00293: Server built: Oct  4 2016 05:57:38
>
> Could you please suggest how to fix it.
>
> Let me explain one more thing here,
> 1. I am abe to run application succesfully on apache-2.4.23 without
> loading mod_ssl.
> 2. But when i load the mod_ssl i am unable to access the application url,
> i didn't changes anything in application. Just i loaded mod_ssl thats it.
> Could you suggest on it.
>
> Thanks,
> Mahammad Noor
>
>

Mime
View raw message