Solved

SSL Connection Failures

Posted on 2004-08-20
7
370 Views
Last Modified: 2010-03-04
Apache 2.0.49

After restarting Apache today, I can't access any of my secure sites. I have 5 valid certs from Thawte that were working fine yesterday. I haven't made any changes to my ssl.conf. I checked the error logs, and it doesn't look like the browser is making any connection at all. Port 443 is open on the server. I can post conf file contents if necessary. Here are a couple of the failing sites:

https://secure.grayloon.com/
https://secure.escaladesports.com/
0
Comment
Question by:kernel-panic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
7 Comments
 

Author Comment

by:kernel-panic
ID: 11857172
I found an OpenSSL test on Google that produced the following error (which I don't know how to diagnose):

[GL-Xserve:~] root# openssl s_client -connect secure.grayloon.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 000F86C0 [00149000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 1b b1 a2 51 49 e7-df 12 6d 9c 07 1b fe 75   .....QI...m....u
0070 - 3c 27 a0 8d 41 0b 1f f0-95 0b 2b 17 ef 86 2b 81   <'..A.....+...+.
0080 - 63 7a                                             cz
SSL_connect:SSLv2/v3 write client hello A
read from 000F86C0 [0014F000] (7 bytes => 7 (0x7))
0000 - 00 01 08 03 ff ff fc                              .......
SSL_connect:error in SSLv2/v3 read server hello A
23501:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:470:
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 11858399
check with folloing which ciphers are availanle:

openssl ciphers
0
 

Author Comment

by:kernel-panic
ID: 11858776
[GL-Xserve:~] root# openssl ciphers
EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-DSS-RC4-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 

Author Comment

by:kernel-panic
ID: 11864924
I've upped the points because I'm losing business, and I desperately need some help...
0
 

Author Comment

by:kernel-panic
ID: 11864971
After restarting the entire server, everything seems to be up and running. No additional action needed.
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
ID: 11917093
Closed, 500 points refunded.
CetusMOD
Community Support Moderator
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Over the last year I have answered a couple of basic URL rewriting questions several times so I thought I might as well have a stab at: explaining the basics, providing a few useful links and consolidating some of the most common queries into a sing…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

710 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question