Re: Apache SSL proxy to Weblogic fails

Fri, 19 Sep 2014 11:12:07 -0700 

Hi, Aaron...

On 09/19/2014 01:04 PM, Stromas, Aaron wrote:


Greetings,


I am looking for  help with a problem I've ran into a using 
mod_proxy/mod_ssl. The Apache HTTP server on SLES 11 SP3 64 bit, 
OpenSSL 1.0.1.f acts as SSL proxy to the Weblogic 10.3 running on 
Redhat. The mod_ssl is configured correctly - it works when proxying 
to SSL connections to non-SSL serves. Also, the certificate on the 
proxy was issued with extensions allowing it to be used as both SSL 
client and server.



Yet, the Apache proxy fails connection over SSL to the Weblogic’s 
HTTPS port. Below is the excerpt from the Apache errors log. Any 
advice will be gerately appreciated. TIA



<snip>

[Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1940): OpenSSL: 
Exit: error in SSLv2/v3 read server hello A



[Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] SSL Proxy 
connect failed



[Thu Sep 18 09:32:14 2014] [info] SSL Library Error: 336032784 
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert 
handshake failure



[Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] Connection 
closed to child 0 with abortive shutdown (server aaproxiedel1:443)



[Thu Sep 18 09:32:14 2014] [error] (502)Unknown error 502: proxy: pass 
request body failed to 10.40.0.224:8102 (appdev2.example.com)



[Thu Sep 18 09:32:14 2014] [error] [client 141.1.3.134] proxy: Error 
during SSL Handshake with remote server returned by /auth/logon.jsp



[Thu Sep 18 09:32:14 2014] [error] proxy: pass request body failed to 
10.40.0.224:8102 (appdev2.example.com) from 141.1.3.134 ()



[Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2040): proxy: HTTPS: 
has released connection for (appdev2.example.com)



[Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1921): OpenSSL: 
Write: SSL negotiation finished successfully



[Thu Sep 18 09:32:14 2014] [info] [client 141.1.3.134] Connection 
closed to child 2 with standard shutdown (server aaproxiedel1:443)



What cipher suites is the server behind the proxy set to accept, and 
what version of SSL is that server using?


--
Lewis
-------------------------------------------------------------
Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
Rosenthal & Rosenthal, LLC                www.2rosenthals.com
visit my IT blog                www.2rosenthals.net/wordpress
IRS Circular 230 Disclosure applies   see www.2rosenthals.com
-------------------------------------------------------------


--
This email was Anti Virus checked by Astaro Security Gateway. 
http://www.astaro.com
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org






















					Reply via email to