Re: [Mon Oct 10 03:22:04.996806 2016] [ssl:info] [pid 30422:tid 140074806683968] SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello Mohammad

I was facing simmilar issue, seems like mod_ssl need to be compiled with openssl 1.0.x or install system maintainer version (in my case it was 1.0.9h then recompile openssl and use --with-ssl=<yourpathtossllib>  when compiling apache. Also you should disable SSL2 support when compilling openssl (
./config --prefix=/usr enable-shared -no-ssl2 )


The list of protocols available can later be limited using the
  SSL_OP_NO_SSLv2, SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1 options of the
  SSL_CTX_set_options() or SSL_set_options() functions. Using these
  options it is possible to choose e.g. SSLv23_server_method() and be
  able to negotiate with all possible clients, but to only allow newer
  protocols like SSLv3 or TLSv1.

hope this help

best regards 

Pavol


On Mon, Oct 10, 2016 at 9:54 AM, noor mahammad <mahammad4noor@xxxxxxxxx> wrote:
hi team,

When i enabled the mod_ssl modules, i seeing following information and i am unable to get access the application installed on Apache-2.4.23

[Mon Oct 10 03:22:07.742398 2016] [ssl:info] [pid 30422:tid 140074756327744] (os 0x02914968)Unrecognized resolver error: [client 10.249.121.5:39231] AH02008: SSL library error 1 in handshake
[Mon Oct 10 03:22:07.742417 2016] [ssl:info] [pid 30422:tid 140074756327744] SSL Library Error: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number

Graceful restart of the apache server is success, with the following logs,
[Mon Oct 10 03:19:12.040636 2016] [ssl:warn] [pid 2950:tid 140074970879792] AH01917: Init: Name-based SSL virtual hosts require an OpenSSL version with support for TLS extensions (RFC 6066 - Server Name Indication / SNI), but the currently used library version (OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008) is lacking this feature
[Mon Oct 10 03:19:12.040672 2016] [ssl:info] [pid 2950:tid 140074970879792] AH01876: mod_ssl/2.4.23 compiled against Server: Apache/2.4.23, Library: OpenSSL/0.9.8e-rhel5
[Mon Oct 10 03:19:12.040723 2016] [weblogic:notice] [pid 2950:tid 140074970879792] WebLogic Server Plugin version 12.2.1.1.0 <WLSPLUGINS_12.2.1.1.0_LINUX.X64_160606.1845>
[Mon Oct 10 03:19:12.040750 2016] [weblogic:info] [pid 2950:tid 140074970879792] mod_weblogic: init_mod: mpm is threaded.
[Mon Oct 10 03:19:12.144633 2016] [mpm_worker:notice] [pid 2950:tid 140074970879792] AH00292: Apache/2.4.23 (Unix) mod_jk/1.2.37 OpenSSL/0.9.8e-fips-rhel5 Taleo Web Server 8 configured -- resuming normal operations
[Mon Oct 10 03:19:12.144666 2016] [mpm_worker:info] [pid 2950:tid 140074970879792] AH00293: Server built: Oct  4 2016 05:57:38

Could you please suggest how to fix it.

Let me explain one more thing here,
1. I am abe to run application succesfully on apache-2.4.23 without loading mod_ssl.
2. But when i load the mod_ssl i am unable to access the application url, i didn't changes anything in application. Just i loaded mod_ssl thats it.
Could you suggest on it.

Thanks,
Mahammad Noor


[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux