kernel-panic
SSL Connection Failures
Apache 2.0.49
After restarting Apache today, I can't access any of my secure sites. I have 5 valid certs from Thawte that were working fine yesterday. I haven't made any changes to my ssl.conf. I checked the error logs, and it doesn't look like the browser is making any connection at all. Port 443 is open on the server. I can post conf file contents if necessary. Here are a couple of the failing sites:
https://secure.grayloon.com/
https://secure.escaladesports.com/
Check with the following which ciphers are available:
openssl ciphers
ASKER
[GL-Xserve:~] root# openssl ciphers
EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3-MD5:DHE-DSS-RC4-SHA:IDEA-CBC-SHA:RC4-SHA:RC4-MD5:IDEA-CBC-MD5:RC2-CBC-MD5:RC4-MD5:RC4-64-MD5:EXP1024-DHE-DSS-RC4-SHA:EXP1024-RC4-SHA:EXP1024-DHE-DSS-DES-CBC-SHA:EXP1024-DES-CBC-SHA:EXP1024-RC2-CBC-MD5:EXP1024-RC4-MD5:EDH-RSA-DES-CBC-SHA:EDH-DSS-DES-CBC-SHA:DES-CBC-SHA:DES-CBC-MD5:EXP-EDH-RSA-DES-CBC-SHA:EXP-EDH-DSS-DES-CBC-SHA:EXP-DES-CBC-SHA:EXP-RC2-CBC-MD5:EXP-RC4-MD5:EXP-RC2-CBC-MD5:EXP-RC4-MD5
ASKER
I've upped the points because I'm losing business, and I desperately need some help...
ASKER
After restarting the entire server, everything seems to be up and running. No additional action needed.
ASKER
[GL-Xserve:~] root# openssl s_client -connect secure.grayloon.com:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect
write to 000F86C0 [00149000] (130 bytes => 130 (0x82))
0000 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ......W... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .........f......
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 ................
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...........@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 ................
0060 - 00 80 1b b1 a2 51 49 e7-df 12 6d 9c 07 1b fe 75 .....QI...m....u
0070 - 3c 27 a0 8d 41 0b 1f f0-95 0b 2b 17 ef 86 2b 81 <'..A.....+...+.
0080 - 63 7a cz
SSL_connect:SSLv2/v3 write client hello A
read from 000F86C0 [0014F000] (7 bytes => 7 (0x7))
0000 - 00 01 08 03 ff ff fc .......
SSL_connect:error in SSLv2/v3 read server hello A
23501:error:140770FC:SSL routines:SSL23_GET_SERVER_