On 19 September 2014 22:34, Stromas, Aaron <aaron.stro...@rsa.com> wrote:
> Greetings,
>
> I am looking for help with a problem I've run into using
> mod_proxy/mod_ssl. The Apache HTTP server on SLES 11 SP3 64 bit, OpenSSL
> 1.0.1.f acts as SSL proxy to the Weblogic 10.3 running on Redhat. The
> mod_ssl is configured correctly - it works when proxying SSL connections
> to non-SSL servers. Also, the certificate on the proxy was issued with
> extensions allowing it to be used as both SSL client and server.
>
> Yet, the Apache proxy fails connection over SSL to the Weblogic’s HTTPS
> port. Below is the excerpt from the Apache errors log. Any advice will be
> greatly appreciated. TIA
>
> [Thu Sep 18 09:32:14 2014] [debug] mod_proxy.c(1036): Running scheme https handler (attempt 0)
> [Thu Sep 18 09:32:14 2014] [debug] mod_proxy_http.c(1995): proxy: HTTP: serving URL https://appdev2.example.com:8102/auth/logon.jsp?aa_param=user
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2022): proxy: HTTPS: has acquired connection for (appdev2.example.com)
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2078): proxy: connecting https://appdev2.example.com:8102/auth/logon.jsp?aa_param=user to appdev2.example.com:8102
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2236): proxy: connected /auth/logon.jsp?aa_param=user to appdev2.example.com:8102
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2487): proxy: HTTPS: fam 2 socket created to connect to appdev2.example.com
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2619): proxy: HTTPS: connection complete to 10.40.0.224:8102 (appdev2.example.com)
> [Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] Connection to child 0 established (server aaproxiedel1:443)
> [Thu Sep 18 09:32:14 2014] [info] Seeding PRNG with 144 bytes of entropy
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1090): [client 10.40.0.224] SNI extension for SSL Proxy request set to ' appdev2.example.com'
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1903): OpenSSL: Handshake: start
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: before/connect initialization
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1911): OpenSSL: Loop: SSLv2/v3 write client hello A
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1939): OpenSSL: read 7/7 bytes from BIO#994fe0 [mem: 9ea880] (BIO dump follows)
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1872): +-------------------------------------------------------------------------+
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1911): | 0000: 15 03 00 00 02 02 28 ......( |
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1917): +-------------------------------------------------------------------------+

Content type 15 is alert.

> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1916): OpenSSL: Read: SSLv2/v3 read server hello A
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1940): OpenSSL: Exit: error in SSLv2/v3 read server hello A
> [Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] SSL Proxy connect failed
> [Thu Sep 18 09:32:14 2014] [info] SSL Library Error: 336032784 error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
> [Thu Sep 18 09:32:14 2014] [info] [client 10.40.0.224] Connection closed to child 0 with abortive shutdown (server aaproxiedel1:443)
> [Thu Sep 18 09:32:14 2014] [error] (502)Unknown error 502: proxy: pass request body failed to 10.40.0.224:8102 (appdev2.example.com)
> [Thu Sep 18 09:32:14 2014] [error] [client 141.1.3.134] proxy: Error during SSL Handshake with remote server returned by /auth/logon.jsp
> [Thu Sep 18 09:32:14 2014] [error] proxy: pass request body failed to 10.40.0.224:8102 (appdev2.example.com) from 141.1.3.134 ()
> [Thu Sep 18 09:32:14 2014] [debug] proxy_util.c(2040): proxy: HTTPS: has released connection for (appdev2.example.com)
> [Thu Sep 18 09:32:14 2014] [debug] ssl_engine_kernel.c(1921): OpenSSL: Write: SSL negotiation finished successfully
> [Thu Sep 18 09:32:14 2014] [info] [client 141.1.3.134] Connection closed to child 2 with standard shutdown (server aaproxiedel1:443)
>
> Best regards,
>
> -a
> ------------------------------
> *Aaron Stromas | ** RSA ** The Security Division of EMC | Practice
> Consultant | Identity & Fraud Protection Practice | M – 240 271 64 58 |
> aaron.stro...@rsa.com <aaron.stro...@rsa.com>*
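
The 7 bytes in the BIO dump can be decoded as a TLS record to confirm the reply's reading of them. This is an added example, not part of the original thread; the function names are hypothetical, and the sample input is the two relevant log lines copied from the excerpt above.

```python
import re

# Record and alert code points from RFC 5246 (TLS 1.2) and RFC 6066.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
                      40: "handshake_failure", 42: "bad_certificate", 46: "certificate_unknown",
                      47: "illegal_parameter", 48: "unknown_ca", 70: "protocol_version",
                      71: "insufficient_security", 80: "internal_error", 112: "unrecognized_name"}

# One row of a mod_ssl BIO dump: "| 0000: 15 03 00 ... ascii |" (hypothetical helper regex).
DUMP_ROW = re.compile(r"\|\s*[0-9a-fA-F]{4}:\s+((?:[0-9a-fA-F]{2}[ -])+)")

def dump_bytes(log_text):
    """Collect the hex bytes from every BIO dump row in a log excerpt."""
    out = bytearray()
    for match in DUMP_ROW.finditer(log_text):
        out += bytes.fromhex(match.group(1).replace("-", " "))
    return bytes(out)

def decode_record(data):
    """Decode one TLS record header and, for a plaintext alert, its 2-byte body."""
    if len(data) < 5:
        raise ValueError("a TLS record header is 5 bytes")
    ctype, version = data[0], (data[1], data[2])
    length = int.from_bytes(data[3:5], "big")
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("record body is truncated in the dump")
    record = {"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
              "version": VERSIONS.get(version, "unknown(%d.%d)" % version),
              "length": length}
    if ctype == 21:
        if length == 2:  # plaintext alert: level byte, then description byte
            record["level"] = ALERT_LEVELS.get(body[0], "unknown(%d)" % body[0])
            record["description"] = ALERT_DESCRIPTIONS.get(body[1], "unknown(%d)" % body[1])
        else:  # alerts sent after ChangeCipherSpec are encrypted and longer
            record["level"] = record["description"] = "encrypted"
    return record

# The two relevant lines from the posted error log.
SAMPLE_LOG = """\
[Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1939): OpenSSL: read 7/7 bytes from BIO#994fe0 [mem: 9ea880] (BIO dump follows)
[Thu Sep 18 09:32:14 2014] [debug] ssl_engine_io.c(1911): | 0000: 15 03 00 00 02 02 28 ......( |
"""

if __name__ == "__main__":
    print(decode_record(dump_bytes(SAMPLE_LOG)))
```

The decoded description agrees with the `sslv3 alert handshake failure` error that OpenSSL reports a few lines later in the same log.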