Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Invalid method in request: Apache/1.3.33 mod_ssl/2.8.22 OpenSSL/0.9.7e

Posted on 2005-04-07
5
Medium Priority
?
1,596 Views
Last Modified: 2008-01-09
I was under the impression I had a working SSL-capable Apache server but I'm clearly mistaken.

Any attempts to access the SSL protected port fails with the error log file containing content like:

[Wed Apr  6 17:16:07 2005] [error] [client nn.nn.nn.9] Invalid method in request \\x80g\\x01\\x03

I find lots of references to this error log entry when I GOOGLE it, however no suggestions other than "your SSL configuration is screwed up, dude.."  Hey, I can tell that, I just don't know what
is screwed up about it.  Problem is URGENT so points is 500.

My configuration reads as follows; the private key was generated locally (using a different
host) and the public key is at test certificate from cacert.org and will expire next year:
....
Listen nn.nn.nn.140:8443
<IfModule mod_ssl.c>
Listen nn.nn.nn.140:443
</IfModule>
...
ServerAdmin jlw+apache.NOSSL@xxx.edu
<ifModule mod_ssl.c>
ServerAdmin jlw+apache.ssl@xxx.edu
</IfModule>
...
<IfDefine SSL>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfDefine>
...
<IfModule mod_ssl.c>
SSLPassPhraseDialog  builtin
SSLSessionCache         dbm:/dlt/webservers/apaches_test/logs/ssl_scache
SSLSessionCacheTimeout  300
SSLMutex  file:/dlt/webservers/apaches_test/logs/ssl_mutex
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLLog      /dlt/webservers/apaches_test/logs/ssl_engine_log
SSLLogLevel info
</IfModule>
...
<IfDefine SSL>
<VirtualHost _default_:443>
DocumentRoot "/dlt/webservers/apaches_test/htdocs"
ServerName tramp.xxx.edu
ServerAdmin postmaster+tramp.ssl@xxx.edu
ErrorLog /dlt/webservers/apaches_test/logs/error_log
TransferLog /dlt/webservers/apaches_test/logs/access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /dlt/webservers/apaches_test/certs/tramp.pubkey
SSLCertificateKeyFile /dlt/webservers/apaches_test/certs/tramp.privkey
#SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/dlt/webservers/apaches_test/techsmart/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
...
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog /dlt/webservers/apaches_test/logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>



0
Comment
Question by:jlw011597
  • 2
4 Comments
 
LVL 4

Expert Comment

by:armeen
ID: 13731197
The error in the log means that ssl is screwed or not running as it isn't decrypting the request.

If you set the LogLevel to debug and run apache from the command line what (if any) messages do you get about ssl?

plus what os is this?
0
 

Author Comment

by:jlw011597
ID: 13731720
Changed LogLevel and SSLLogLevel both to debug.

No change in the error log or the SSLLog file (no additional information)

OS is Solaris 9.
0
 

Author Comment

by:jlw011597
ID: 13735691
I guess this can probably be closed off -- a colleage observed the COMBINATION of
<IfModule mod_ssl.c></IfModule> conditionals and <IfDefine SSL></IfDefine>
conditionals, and pointed out that if the <IfModule> ones were TRUE, but the <IfDefine>
ones were FALSE, it could cause this behavior.

He was right.  The server was being started/restarted/stopped with a version of
apachectl that did not support the "startssl" parameter (the httpd.exe was compiled to EXPECT one),  and by changing apachectl for one that did accept "startssl" as a parameter and using
it, the server now works as expected.

How do we want to do this?  The particular problem and its resolution could in theory be useful  as a PAQ, but since I solved the problem myself with no assist from Experts' Exchange, I don't feel right giving away my 500 points.
0
 

Accepted Solution

by:
PashaMod earned 0 total points
ID: 13800098
Closed, 500 points refunded.
PashaMod
Community Support Moderator @ Experts Exchange
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you've heard about htaccess and it sounds like it does what you want, but you're not sure how it works... well, you're in the right place. Read on. Some Basics #1. It's a file and its filename is .htaccess (yes, with a dot in the front). #…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Suggested Courses
Course of the Month13 days, 5 hours left to enroll

578 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question