Hello,

> I apologize in advance if this is not the correct forum for this
> question. I haven’t had much luck in the apache forums. I have an
> apache 2.0.55 installation that I’m attempting to recompile on an
> HP-UX 11 system. It has mod_ssl 2.0.66 and I have OpenSSL 0.9.8d
> installed in /opt/openssl098d. The system itself apparently has an
> older version of OpenSSL (0.9.7e) installed in /usr/local. We have
> apache running on this system just fine, but I have to recompile in
> order to add LDAP support. If I take a fresh tarball of apache-2.0.55
> and do a configure, make, make install, everything completes without
> error. Doing an LDD of the httpd binary shows it linked to the
> OpenSSL 0.9.8d libraries in /opt/openssl098d/lib. The server starts
> up without issue, but when I connect (with apache in debug mode), I
> get this:
> [Tue Sep 11 10:10:43 2007] [info] Connection to child 2 established
> (server ourserver.name.scrubbed:8040, client <client IP scrubbed>)
> [Tue Sep 11 10:10:43 2007] [info] Seeding PRNG with 136 bytes of
> entropy
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1512): OpenSSL:
> read 11/11 bytes from BIO#401a3500 [mem: 401aabb0] (BIO dump fo
> llows)
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1459):
> +-----------------------------------------------------------------------
> --+
> [Tue Sep 11 10:10:43 2007] [debug] ssl_engine_io.c(1484): | 0000: 80
> 67 01 03 01 00 4e 00-00 00 10 .g....N....

This looks like SSL2 client hello with TLS1 proposition.

> [Tue Sep 11 10:10:43 2007] [info] SSL library error 1 in handshake
> (server ourserver.name.scrubbed:8040, client <client IP scrubbed>)
>
> [Tue Sep 11 10:10:43 2007] [info] SSL Library Error: 336027900
> error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
> speaking not SSL to HTTPS port!?

Maybe you have only SSL3 enabled on server, in this case OpenSSL
refuses SSL2 client hello (GNUTLS accepts).

Check connection over SSL with commands:

    $ openssl s_client -connect ip:port -ssl2
    $ openssl s_client -connect ip:port -ssl3
    $ openssl s_client -connect ip:port -tls1

Is any of these commands working?
Maybe you should modify Apache SSLProtocol directive.

Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
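Added example, not part of the original thread: a small decoder for the 11 bytes in the quoted BIO dump, showing field by field why they read as an SSLv2-format ClientHello that offers TLS 1.0. The function name `classify_hello` is hypothetical; the only input taken from the page is the logged byte string.

```python
import struct

# The 11 bytes shown in the quoted BIO dump (copied from the log line).
LOGGED = bytes.fromhex("80 67 01 03 01 00 4e 00 00 00 10")

VERSIONS = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0"}


def classify_hello(buf: bytes) -> dict:
    """Classify the first bytes a client sent to an HTTPS port."""
    if len(buf) < 5:
        return {"format": "too short"}
    # SSLv2 record: 2-byte header with the high bit set and a 15-bit length,
    # followed by message type 0x01 (CLIENT-HELLO).
    if buf[0] & 0x80 and buf[2] == 0x01:
        if len(buf) < 11:
            return {"format": "too short"}
        rec_len = ((buf[0] & 0x7F) << 8) | buf[1]
        version, cipher_len, sid_len, chal_len = struct.unpack(">HHHH", buf[3:11])
        return {
            "format": "SSLv2-format ClientHello",
            "record_length": rec_len,
            "offered_version": VERSIONS.get(version, hex(version)),
            "cipher_specs": cipher_len // 3,  # each SSLv2 cipher spec is 3 bytes
            "session_id_length": sid_len,
            "challenge_length": chal_len,
            # Fixed fields after the header take 9 bytes; the rest must add up.
            "lengths_consistent": rec_len == 9 + cipher_len + sid_len + chal_len,
        }
    # SSLv3/TLS record: content type 0x16 (handshake), version, 2-byte length.
    if buf[0] == 0x16 and buf[1] == 0x03:
        rec_version, rec_len = struct.unpack(">HH", buf[1:5])
        result = {
            "format": "SSLv3/TLS record",
            "record_version": VERSIONS.get(rec_version, hex(rec_version)),
            "record_length": rec_len,
        }
        if len(buf) > 5:
            result["is_client_hello"] = buf[5] == 0x01
        return result
    return {"format": "not SSL/TLS (e.g. plain HTTP)"}


if __name__ == "__main__":
    for key, value in classify_hello(LOGGED).items():
        print(f"{key}: {value}")
```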