[NCLUG] Apache/mod_ssl question
Rich Young
rich at experienceplus.com
Mon Mar 15 16:26:52 MST 2004
Thanks for replying, Steve.
> Can you verify that the
> SSL traffic is hitting your server on the correct port? The
> fact that you aren't getting anything in your ssl logs
> indicates that the SSL connections may be hitting your HTTP
> port and not your HTTPS one.
No, I'm pretty sure traffic is getting through to 443 -- the openssl
connection indicates that the problem occurs at GET_SERVER_HELLO:
SSL_connect:error in SSLv2/v3 read server hello A
29706:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown
protocol:s23_clnt.c:475:
Earlier today, I was convinced that it was related to the new firewall
we've installed, but now it seems that it more likely has to do with me
monkeying about with the configuration since the firewall installation.
As in, the firewall installation broke it, then I broke it doubly while
trying to fix it. I'm going to do a line-for-line comparison of the
httpd.conf and ssl.conf files from a pristine Apache and our server
tonight to try to ferret out the problem. I also have a consultant
looking at the problem, though he hasn't suffered any flashes of insight
yet. We'll see....
--Rich
More information about the NCLUG
mailing list