Solved

SSL Library error

Posted on 2008-10-29
2
1,505 Views
Last Modified: 2010-10-05
From few months I face SSL crashes on my web server. After the crash, SSL connection is not working and I have to restart apache. It is hard to track it, because it happens randomly. I attach part of ssl log from the time SSL is down. I digged up in the internet looking for this error, but couldn't find exactly the same.

According to log's 'malloc failure' info, you might find useful my computer memory amount, it's 8GB.
[Thu Sep 18 21:09:09 2008] [info] [client 217.157.174.28] Connection to child 104 established (server www.myplace.com:443)
[Thu Sep 18 21:09:09 2008] [info] Seeding PRNG with 136 bytes of entropy
[Thu Sep 18 21:09:09 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Sep 18 21:09:09 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Thu Sep 18 21:09:09 2008] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Thu Sep 18 21:09:09 2008] [info] [client 217.157.174.28] (os 0x1b5fcdb0)Unrecognized Win32 error code 459263408: SSL library error 1 in handshake (server www.myplace.com:443)
[Thu Sep 18 21:09:09 2008] [info] SSL Library Error: 336183361 error:1409C041:SSL routines:SSL3_SETUP_BUFFERS:malloc failure
[Thu Sep 18 21:09:09 2008] [info] [client 217.157.174.28] Connection closed to child 104 with abortive shutdown (server www.myplace.com:443)
[Thu Sep 18 21:09:09 2008] [info] [client 212.17.141.57] Connection to child 283 established (server www.myplace.com:443)
[Thu Sep 18 21:09:09 2008] [info] Seeding PRNG with 136 bytes of entropy
[Thu Sep 18 21:09:09 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Sep 18 21:09:09 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Thu Sep 18 21:09:09 2008] [debug] ssl_engine_kernel.c(1789): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Thu Sep 18 21:09:09 2008] [info] [client 212.17.141.57] (os 0x28867360)Unrecognized Win32 error code 679900000: SSL library error 1 in handshake (server www.myplace.com:443)
[Thu Sep 18 21:09:09 2008] [info] SSL Library Error: 336183361 error:1409C041:SSL routines:SSL3_SETUP_BUFFERS:malloc failure
[Thu Sep 18 21:09:09 2008] [info] [client 212.17.141.57] Connection closed to child 283 with abortive shutdown (server www.myplace.com:443)

Open in new window

0
Comment
Question by:szczecin
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 6

Accepted Solution

by:
sr1xxon earned 500 total points
ID: 22831007
probably an issue with your openssl implementation - slow memory leak - relating to memory allocation (trying to re-use an in-use section of memory), NOT total memory available.

what version of openssl are you using - did you build it from source? This could be resolved by a later version of openssl.
alternatively, there could be a problem with the program calling the ssl routine - freeradius and dovecot both displayed exactly these errors, which were resolved in later releases.




0
 

Author Comment

by:szczecin
ID: 22833759
It is OpenSSL 0.9.8h. No, I did not build it from the scratch (btw. it runs under windows 2003). Yes, I have seen in some related post about similar problem it was in connection with freeradius and dovecot, but I do not use any of them. OpenSSL works under Apache 2.2.
0

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question