Re: [RHEL6.2] SSL handshake failure

"[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate?"

Check the SSLCipherSuite directive in your SSL host as the error says it might be too restrictive. Try adding more options.

On Mar 19, 2012 2:00 AM, "Aubrey Li" <aubreylee@xxxxxxxxx> wrote:
Here is what I got when I put the loglevel to debug in httpd.conf
===============================================================
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL: read 11/11 bytes from BIO#7fa4600011a0 [mem: 7fa460006ac0] (BIO dump follows)
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 16 03 00 00 2d 01 00 00-29 03                    ....-...).       |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0011 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1897): OpenSSL: read 39/39 bytes from BIO#7fa4600011a0 [mem: 7fa460006acb] (BIO dump follows)
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1830): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0000: 4f 66 66 ec 02 5d 92 3d-4d db ee c7 10 f5 d5 43  Off..].=M......C |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0010: 3e 16 87 86 7b c9 a0 88-db 60 5a c8 f1 46 10 8f  >...{....`Z..F.. |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1869): | 0020: 00 00 02 00 04 01                                ......           |
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1873): | 0039 - <SPACES/NULS>
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_io.c(1875): +-------------------------------------------------------------------------+
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client hello C
[Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] SSL library error 1 in handshake (server www.example.com:443)
[Mon Mar 19 06:51:12 2012] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate?
[Mon Mar 19 06:51:12 2012] [info] [client 10.2.1.2] Connection closed to child 2 with abortive shutdown (server www.example.com:443)
==================================================================
Quite strange: the openssl s_client command can pass the SSL handshake while
this Java application cannot.

The openssl version is 0.9.8u.

Any input is welcome!

Thanks,
-Aubrey


On Fri, Mar 16, 2012 at 1:50 AM, Mark Montague <mark@xxxxxxxxxxx> wrote:
> On March 15, 2012 13:31 , Aubrey Li <aubreylee@xxxxxxxxx> wrote:
>>
>> Thanks for your reply. Here is the output of httpd -V. [...]
>>
>>
>>  -D HTTPD_ROOT="/export/bench/benchmarks/apache2"
>>  -D SUEXEC_BIN="/export/bench/benchmarks/apache2/bin/suexec"
>>  -D DEFAULT_PIDLOG="logs/httpd.pid"
>>  -D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
>>  -D DEFAULT_ERRORLOG="logs/error_log"
>>  -D AP_TYPES_CONFIG_FILE="conf/mime.types"
>>  -D SERVER_CONFIG_FILE="conf/httpd.conf"
>>
>>>> I built httpd-2.2.22 on a RHEL6.2 system with SSL enabled. Then I made a
>>>> client
>>>> to create a connection to httpd but received a handshake failure report.
>>>>
>>>> [...]
>>>>
>>>> When I connect the client to the server (RHEL6.2), there is no
>>>> access_log, no err_log,
>>>> nothing added in /var/log/messages, it's very weird.
>
>
> So you are saying that you have a file at
> /export/bench/benchmarks/apache2/conf/httpd.conf that contains all of the
> correct directives to configure SSL, logging, and appropriate virtual hosts?
>
> And you are saying that no logs are appearing at
> /export/bench/benchmarks/apache2/logs/error_log nor at the location that you
> specify in your ErrorLog directive in
> /export/bench/benchmarks/apache2/conf/httpd.conf ?
>
> In this case, what user are you starting httpd as?  What are the values for
> the User and Group directives in
> /export/bench/benchmarks/apache2/conf/httpd.conf ? Do that user and group
> have write access to the place you are telling this version of httpd to
> write its error logs?
>
> Is this system running any Mandatory Access Control system such as SELinux,
> AppArmor, Tomoyo, or grsecurity that could be interfering with what this
> version of httpd is trying to do or where it is trying to do it?   If so,
> then check the log files for the Mandatory Access Control system that you
> are running to find out what the problem is.
>
> Hopefully other people on this list will have additional, and better,
> suggestions of things to check.
>
> --
>  Mark Montague
>  mark@xxxxxxxxxxx
>
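
Added example, not part of the original thread: the two BIO dumps in the debug log above hold the client's complete ClientHello record, so it can be decoded to see which protocol version and cipher suites the Java client offered, which is what "no shared cipher" is evaluated against. The function and variable names are illustrative, and the trailing bytes that mod_ssl elides as <SPACES/NULS> are assumed to be 0x00.

```python
import struct

# Bytes copied from the two BIO dumps in the debug log above. mod_ssl elides
# trailing space/NUL bytes ("<SPACES/NULS>"); they are assumed here to be 0x00.
RECORD_HEX = (
    "16 03 00 00 2d 01 00 00 29 03 00 "                 # 11-byte read
    "4f 66 66 ec 02 5d 92 3d 4d db ee c7 10 f5 d5 43 "  # 39-byte read
    "3e 16 87 86 7b c9 a0 88 db 60 5a c8 f1 46 10 8f "
    "00 00 02 00 04 01 00"
)

# A few cipher suite ids with their OpenSSL names (not exhaustive).
SUITES = {0x0004: "RC4-MD5", 0x0005: "RC4-SHA", 0x000A: "DES-CBC3-SHA",
          0x002F: "AES128-SHA", 0x0035: "AES256-SHA"}


def parse_client_hello(raw: bytes) -> dict:
    """Parse one SSLv3/TLS record that holds a complete ClientHello."""
    ctype, rec_ver, rec_len = struct.unpack_from("!B2sH", raw, 0)
    if ctype != 0x16:
        raise ValueError("not a handshake record")
    body = raw[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if body[:1] != b"\x01":
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated handshake message")
    pos = 2 + 32                       # skip client_version and random
    sid_len = hello[pos]
    pos += 1 + sid_len                 # skip session id
    (cs_len,) = struct.unpack_from("!H", hello, pos)
    pos += 2
    ids = struct.unpack_from("!%dH" % (cs_len // 2), hello, pos)
    pos += cs_len
    comp_len = hello[pos]
    return {
        "record_version": tuple(rec_ver),
        "client_version": (hello[0], hello[1]),
        "session_id_len": sid_len,
        "cipher_suites": [SUITES.get(i, "0x%04X" % i) for i in ids],
        "compression": list(hello[pos + 1:pos + 1 + comp_len]),
    }


if __name__ == "__main__":
    print(parse_client_hello(bytes.fromhex(RECORD_HEX)))
```

Running `openssl ciphers -v` with the server's SSLCipherSuite string lists the suites that string permits, which can then be compared against the decoded offer.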
