Link to home
Start Free TrialLog in
Avatar of kernel-panic
kernel-panicFlag for United States of America

asked on

SSL Connection Failures

Apache 2.0.49

After restarting Apache today, I can't access any of my secure sites. I have 5 valid certs from Thawte that were working fine yesterday. I haven't made any changes to my ssl.conf. I checked the error logs, and it doesn't look like the browser is making any connection at all. Port 443 is open on the server. I can post conf file contents if necessary. Here are a couple of the failing sites:

https://secure.grayloon.com/
https://secure.escaladesports.com/
Avatar of kernel-panic
kernel-panic
Flag of United States of America image

ASKER

I found an OpenSSL test on Google that produced the following error (which I don't know how to diagnose):

[GL-Xserve:~] root# openssl s_client -connect secure.grayloon.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 000F86C0 [00149000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   ................
0060 - 00 80 1b b1 a2 51 49 e7-df 12 6d 9c 07 1b fe 75   .....QI...m....u
0070 - 3c 27 a0 8d 41 0b 1f f0-95 0b 2b 17 ef 86 2b 81   <'..A.....+...+.
0080 - 63 7a                                             cz
SSL_connect:SSLv2/v3 write client hello A
read from 000F86C0 [0014F000] (7 bytes => 7 (0x7))
0000 - 00 01 08 03 ff ff fc                              .......
SSL_connect:error in SSLv2/v3 read server hello A
23501:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:470:
Avatar of ahoffmann
ahoffmann
Flag of Germany image
check with folloing which ciphers are availanle:

openssl ciphers
Avatar of kernel-panic
kernel-panic
Flag of United States of America image

ASKER

[GL-Xserve:~] root# openssl ciphers
EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-DSS-RC4-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5
Avatar of kernel-panic
kernel-panic
Flag of United States of America image

ASKER

I've upped the points because I'm losing business, and I desperately need some help...
Avatar of kernel-panic
kernel-panic
Flag of United States of America image

ASKER

After restarting the entire server, everything seems to be up and running. No additional action needed.
ASKER CERTIFIED SOLUTION
Avatar of CetusMOD
CetusMOD
Flag of Netherlands image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial