Hello Mohammad I was facing simmilar issue, seems like mod_ssl need to be compiled with openssl 1.0.x or install system maintainer version (in my case it was 1.0.9h then recompile openssl and use --with-ssl=<yourpathtossllib> when compiling apache. Also you should disable SSL2 support when compilling openssl (
./config --prefix=/usr enable-shared -no-ssl2 ) The list of protocols available can later be limited using the SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the SSL_CTX_set_options() or SSL_set_options() functions. *Using these options it is possible to choose e.g. SSLv23_server_method() and be able to negotiate with all possible clients, but to only allow newer protocols like SSLv3 or TLSv1.* *hope this help* *best regards * *Pavol* On Mon, Oct 10, 2016 at 9:54 AM, noor mahammad <[email protected]> wrote: > hi team, > > When i enabled the mod_ssl modules, i seeing following information and i > am unable to get access the application installed on Apache-2.4.23 > > [Mon Oct 10 03:22:07.742398 2016] [ssl:info] [pid 30422:tid > 140074756327744] (os 0x02914968)Unrecognized resolver error: [client > 10.249.121.5:39231] AH02008: SSL library error 1 in handshake > [Mon Oct 10 03:22:07.742417 2016] [ssl:info] [pid 30422:tid > 140074756327744] SSL Library Error: error:1408F10B:SSL > routines:SSL3_GET_RECORD:wrong version number > > Graceful restart of the apache server is success, with the following logs, > [Mon Oct 10 03:19:12.040636 2016] [ssl:warn] [pid 2950:tid > 140074970879792] AH01917: Init: Name-based SSL virtual hosts require an > OpenSSL version with support for TLS extensions (RFC 6066 - Server Name > Indication / SNI), but the currently used library version (OpenSSL > 0.9.8e-fips-rhel5 01 Jul 2008) is lacking this feature > [Mon Oct 10 03:19:12.040672 2016] [ssl:info] [pid 2950:tid > 140074970879792] AH01876: mod_ssl/2.4.23 compiled against Server: > Apache/2.4.23, Library: OpenSSL/0.9.8e-rhel5 > [Mon Oct 10 03:19:12.040723 2016] [weblogic:notice] [pid 2950:tid > 140074970879792] WebLogic Server Plugin version 12.2.1.1.0 > <WLSPLUGINS_12.2.1.1.0_LINUX.X64_160606.1845> > [Mon Oct 10 03:19:12.040750 2016] [weblogic:info] [pid 2950:tid > 140074970879792] mod_weblogic: init_mod: mpm is threaded. > [Mon Oct 10 03:19:12.144633 2016] [mpm_worker:notice] [pid 2950:tid > 140074970879792] AH00292: Apache/2.4.23 (Unix) mod_jk/1.2.37 > OpenSSL/0.9.8e-fips-rhel5 Taleo Web Server 8 configured -- resuming normal > operations > [Mon Oct 10 03:19:12.144666 2016] [mpm_worker:info] [pid 2950:tid > 140074970879792] AH00293: Server built: Oct 4 2016 05:57:38 > > Could you please suggest how to fix it. > > Let me explain one more thing here, > 1. I am abe to run application succesfully on apache-2.4.23 without > loading mod_ssl. > 2. But when i load the mod_ssl i am unable to access the application url, > i didn't changes anything in application. Just i loaded mod_ssl thats it. > Could you suggest on it. > > Thanks, > Mahammad Noor > >
