Here is what I got when I put the loglevel to debug in httpd.conf

===============================================================
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL: read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump follows)
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 16 03 00 00 2d 01 00 00-29 03 ....-...). |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0011 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL: read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump follows)
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 4f 66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43 Off..].=M......C |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0010: 3e 16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f >...{....`Z..F.. |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0020: 00 00 02 00 04 01 ...... |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0039 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] SSL library error 1 in handshake (server www.example.com:443)
[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate?
[Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] Connection closed to child 2 with abortive shutdown (server www.example.com:443)
==================================================================

Quite strange, openssl s_client command can pass the SSL handshake while
this Java application cannot.

openssl version is 0.9.8u

Welcome any inputs!

Thanks,
-Aubrey

On Fri, Mar 16, 2012 at 1:50 AM, Mark Montague <mark@xxxxxxxxxxx> wrote:
> On March 15, 2012 13:31 , Aubrey Li <aubreylee@xxxxxxxxx> wrote:
>>
>> Thanks for your reply. Here is the output of httpd -V. [...]
>>
>>
>> -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
>> -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
>> -D DEFAULT_PIDLOG="logs/httpd.pid"
>> -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>> -D DEFAULT_ERRORLOG="logs/error_log"
>> -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>> -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>
>>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a
>>>> client
>>>> to create a connection to httpd but received a handshake failure report.
>>>>
>>>> [...]
>>>>
>>>> When I connect the client to the server(RHEL6.2), there is no
>>>> access_log, no err_log,
>>>> nothing added in /var/log/messages, it's very weird.
>
>
> So you are saying that you have a file at
> /export/bench/benchmarks/apache2/conf/httpd.conf that contains all of the
> correct directives to configure SSL, logging, and appropriate virtual hosts?
>
> And you are saying that no logs are appearing at
> /export/bench/benchmarks/apache2/logs/error_log nor at the location that you
> specify in your ErrorLog directive in
> /export/bench/benchmarks/apache2/conf/httpd.conf ?
>
> In this case, what user are you starting httpd as? What are the values for
> the User and Group directives in
> /export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and group
> have write access to the place you are telling this version of httpd to
> write its error logs?
>
> Is this system running any Mandatory Access Control system such as SELinux,
> AppArmor, Tomoyo, or grsecurity that could be interfering with what this
> version of httpd is trying to do or where it is trying to do it? If so,
> then check the log files for the Mandatory Access Control system that you
> are running to find out what the problem is.
>
> Hopefully other people on this list will have additional, and better,
> suggestions of things to check.
>
> --
> Mark Montague
> mark@xxxxxxxxxxx
>
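
Added example (not part of the original thread, and not mod_ssl or OpenSSL code): the two BIO dumps in the debug log above are the client's handshake record, and decoding them shows which cipher suites the Java client offered. `LOG` holds the dump rows copied from the log with timestamps stripped; the function names, the small suite table, and the assumption that the bytes elided as `<SPACES/NULS>` are NUL are mine.

```python
import re
import struct

# Dump rows copied from the debug log above (timestamps stripped for brevity).
LOG = """\
OpenSSL: read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump follows)
| 0000: 16 03 00 00 2d 01 00 00-29 03 ....-...). |
| 0011 - <SPACES/NULS>
OpenSSL: read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump follows)
| 0000: 4f 66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43 Off..].=M......C |
| 0010: 3e 16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f >...{....`Z..F.. |
| 0020: 00 00 02 00 04 01 ...... |
"""

# Small lookup of IANA cipher suite IDs (OpenSSL names in parentheses).
SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5 (RC4-MD5)",
          0x0005: "TLS_RSA_WITH_RC4_128_SHA (RC4-SHA)",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA (DES-CBC3-SHA)",
          0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA (AES128-SHA)"}

def bytes_from_bio_dump(log):
    """Rebuild the byte stream from mod_ssl 'BIO dump' rows."""
    reads = []                                   # [expected_len, bytearray]
    for line in log.splitlines():
        m = re.search(r"read (\d+)/\d+ bytes", line)
        if m:
            reads.append([int(m.group(1)), bytearray()])
            continue
        m = re.search(r"\| [0-9a-f]{4}: ((?:[0-9a-f]{2}[ -]){1,16})", line)
        if m and reads:
            reads[-1][1] += bytes.fromhex(m.group(1).replace("-", " "))
    # Assumption: bytes the dump elides as <SPACES/NULS> are NUL; pad to read size.
    return b"".join(bytes(buf).ljust(n, b"\0") for n, buf in reads)

def parse_client_hello(data):
    """Return (client_version, [cipher suite ids]) from one SSLv3/TLS record."""
    ctype, _rec_ver, rec_len = struct.unpack_from("!BHH", data, 0)
    if ctype != 22 or data[5] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    if len(data) < 5 + rec_len:
        raise ValueError("truncated record")
    (version,) = struct.unpack_from("!H", data, 9)
    pos = 11 + 32                                # skip the 32-byte client random
    pos += 1 + data[pos]                         # skip session_id
    (cs_len,) = struct.unpack_from("!H", data, pos)
    ids = struct.unpack_from("!%dH" % (cs_len // 2), data, pos + 2)
    return version, list(ids)

def offered_suites(log):
    version, ids = parse_client_hello(bytes_from_bio_dump(log))
    return version, [SUITES.get(i, "unknown 0x%04x" % i) for i in ids]

if __name__ == "__main__":
    print(offered_suites(LOG))
```

The decoded hello is SSLv3 (0x0300) and offers a single suite, 0x0004 (RC4-MD5), which is consistent with the server's "no shared cipher" error. Since RC4 is prohibited in TLS by RFC 7465, the durable fix is to widen the client's enabled suites rather than re-enable RC4 on the server.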