Solved

SSL Connection Failures

Posted on 2004-08-20
7
361 Views
Last Modified: 2010-03-04
Apache 2.0.49

After restarting Apache today, I can't access any of my secure sites. I have 5 valid certs from Thawte that were working fine yesterday. I haven't made any changes to my ssl.conf. I checked the error logs, and it doesn't look like the browser is making any connection at all. Port 443 is open on the server. I can post conf file contents if necessary. Here are a couple of the failing sites:

https://secure.grayloon.com/
https://secure.escaladesports.com/
0
Comment
Question by:kernel-panic
  • 4
7 Comments
 

Author Comment

by:kernel-panic
Comment Utility
I found an OpenSSL test on Google that produced the following error (which I don't know how to diagnose):

[GL-Xserve:~] root# openssl s_client -connect secure.grayloon.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 000F86C0 [00149000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 1b b1 a2 51 49 e7-df 12 6d 9c 07 1b fe 75   .....QI...m....u
0070 - 3c 27 a0 8d 41 0b 1f f0-95 0b 2b 17 ef 86 2b 81   <'..A.....+...+.
0080 - 63 7a                                             cz
SSL_connect:SSLv2/v3 write client hello A
read from 000F86C0 [0014F000] (7 bytes => 7 (0x7))
0000 - 00 01 08 03 ff ff fc                              .......
SSL_connect:error in SSLv2/v3 read server hello A
23501:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:470:
0
 
LVL 51

Expert Comment

by:ahoffmann
Comment Utility
check with folloing which ciphers are availanle:

openssl ciphers
0
 

Author Comment

by:kernel-panic
Comment Utility
[GL-Xserve:~] root# openssl ciphers
EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-DSS-RC4-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:kernel-panic
Comment Utility
I've upped the points because I'm losing business, and I desperately need some help...
0
 

Author Comment

by:kernel-panic
Comment Utility
After restarting the entire server, everything seems to be up and running. No additional action needed.
0
 

Accepted Solution

by:
CetusMOD earned 0 total points
Comment Utility
Closed, 500 points refunded.
CetusMOD
Community Support Moderator
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

As Wikipedia explains 'robots.txt' as -- the robot exclusion standard, also known as the Robots Exclusion Protocol or robots.txt protocol, is a convention to prevent cooperating web spiders and other web robots from accessing all or part of a websit…
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now