To: users@httpd.apache.org
From: Jerry Malcolm
Date: Sat, 3 Nov 2018 11:02:31 -0500
Subject: Re: [users@httpd] {Resolved] SSL Handshake Exception in call from Android

I admit to knowing just enough about ssl/tls config to be dangerous....

When I first implemented SSL a couple of years ago, I had cloned the sslprotocol and cipher lines from another httpd I was managing at the time (but did not set up...so no clue as to origin of the config). It was working there, and it worked for me (at least with browsers). It listed a bunch of cipher suites that I have no idea where they came from. But obviously, it wasn't listing the one that Android was using. Trying not to have to get a PhD in ssl/tls, I gave up trying to figure out from android docs what cipher would make android happy.
I decided to wipe out what I was using and replace with the default config specified in httpd_ssl.conf:

SSLCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLProxyCipherSuite HIGH:MEDIUM:!MD5:!RC4:!3DES
SSLHonorCipherOrder on
SSLProtocol all -SSLv3
SSLProxyProtocol all -SSLv3
SSLPassPhraseDialog  builtin
SSLSessionCache        "shmcb:c:/wamp/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

This config worked. Apparently in lieu of specifying individual ciphers, this says just use 'any high or medium cipher'. Good enough for me if both android and httpd are happy.

On to the next problem....

Thanks as always for the help.

Jerry

On 11/2/2018 7:10 PM, Jerry Malcolm wrote:
> Hi Jeffrey,  Thanks for the quick response.
>
> I set the LogLevel to debug.  I'm getting a ton of debug info
> everywhere.  However, the https requests from my app are not even
> showing up in any logs.... not even the virtual host access or error
> logs or the apache system logs.  Nada... nothing.  As if the calls
> were never made.  Just to make sure there wasn't something else wrong,
> I changed https:// to http:// in my app, and everything works,
> including a ton of debug info in all of the logs.  But as soon as I
> use https, it looks like the requests aren't even making it into
> httpd.  But again.... the whole site works fine in https when using a
> browser.
>
> Any ideas?  Am I not looking at the right place for the logs?
>
> Jerry
>
>
> On 11/2/2018 4:55 PM, Jeff Cauhape wrote:
>> Jerry,
>>
>> Have you set LogLevel  to "debug" in httpd.conf and then check the
>> server error logs?
>> Could be helpful to see what the server is objecting to.
>>
>> Jeffrey Cauhape – IT Professional III – Linux and Solaris Administrator
>> Nevada Department of Employment, Training and Rehabilitation
>> (775) 684-3804 (office)     jpcauhape@detr.nv.gov
>>
>> -----Original Message-----
>> From: Jerry Malcolm [mailto:techstuff@malcolms.com]
>> Sent: Friday, November 2, 2018 1:59 PM
>> To: users@httpd.apache.org
>> Subject: [users@httpd] SSL Handshake Exception in call from Android
>>
>> I am writing an Android app that needs to make calls to my httpd
>> server (Apache 2.4.33).  I am getting the following exception in my
>> Android app:
>>
>> Exception: javax.net.ssl.SSLHandshakeException:
>> javax.net.ssl.SSLProtocolException: SSL handshake aborted:
>> ssl=0x809adc78: Failure in SSL library, usually a protocol error
>>       error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
>> handshake failure (external/openssl/ssl/s23_clnt.c:744
>> 0x725e0cfc:0x00000000)
>>
>> The same Android app calls Google Maps https with no problem and also
>> calls another server with https that I do not own with no problem.
>> So I'm assuming I have something wrong in my httpd config.  But I
>> need some help figuring it out.
>>
>> The same web site responds just fine to https calls from browsers.
>> It just doesn't work when called from my Android app. It also works
>> fine if I use http instead of https.  But I need https.
>>
>> Suggestions as to what might be wrong?
>>
>> Thx.
>>
>> Jerry
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
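
Added example, not part of the thread: one common cause of the handshake_failure alert quoted above is that the client's offered suites and the server's SSLCipherSuite list have nothing in common. The Python code below expands the cipher string from the message with the OpenSSL that Python links against (which may differ from the httpd build) and intersects it with a client offer; the offer lists and function names are constructed for illustration.

```python
import ssl

# Cipher string from the message above.
SERVER_STRING = "HIGH:MEDIUM:!MD5:!RC4:!3DES"

# Constructed client offers (assumptions, not taken from the thread).
LEGACY_OFFER = ["RC4-SHA", "DES-CBC3-SHA"]
MIXED_OFFER = ["RC4-SHA", "AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]


def expand(cipher_string):
    """Expand an OpenSSL cipher string using the local OpenSSL build.

    Returns cipher dicts in server preference order. TLS 1.3 suites are
    configured separately by OpenSSL, so they appear whatever the string says.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def shared(cipher_string, client_offer):
    """Suites both sides name, in server order (as SSLHonorCipherOrder on).

    Ignores protocol-version compatibility; an empty list means the
    handshake cannot succeed on cipher choice alone.
    """
    offer = set(client_offer)
    return [c["name"] for c in expand(cipher_string) if c["name"] in offer]


def non_aead(cipher_string):
    """Suites the string still admits that are not AEAD (CBC or stream)."""
    return [c["name"] for c in expand(cipher_string)
            if not c.get("aead", True)]


if __name__ == "__main__":
    print("enabled suites:", len(expand(SERVER_STRING)))
    print("legacy-only client shares:", shared(SERVER_STRING, LEGACY_OFFER))
    print("mixed client shares:", shared(SERVER_STRING, MIXED_OFFER))
    print("non-AEAD suites still enabled:", len(non_aead(SERVER_STRING)))
```

Running the same comparison against the cipher line that was in place before the change shows whether a given client's offer ever overlapped with it.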