I have been struggling with this problem for a while now, hopefully someone here can point me in the right direction:
It seems to be an openssl problem rather than an apache problem, but I haven't had any response from that list so maybe someone here has experienced the same problem. Here it is:
I have compiled openssl-0.9.6g on RedHat 8.0 and it passes make test and installs OK.I then compiled and installed Apache-SSL 1.3.29+BenSSL-1.53, but https connections only work if the browser is set to SSL2 only.I can't see anything wrong with the Apache configuration, so tested as follows with the following results:openssl s_client -ssl3 -connect www2.cyberscreen.com:443 CONNECTED(00000003)26858:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:529:or, in debug mode I get the hex of the certificate displayed, it seems to read all the fields but then ends withread from 0816CB80 [08172138] (5 bytes => 0 (0x0))25427:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:226:===================================I also get the following message written to the Apache error log when attempting ssl3/tls connections:apache_ssl.c(298): error:1408C095:SSL routines:SSL3_GET_FINISHED:digest check failedapache_ssl.c(2042): CIPHER is AES256-SHA apache_ssl.c(294): SSL_accept returned 0however, openssl s_client -ssl2 -connect www2.cyberscreen.com:443 connects fine, reads the certificate and establishes the https connection.I am using self-signed certs for testing and have re-generated them several times in case of error, but always with the same result. On an older server running RedHat 6.2 and Apache-SSL 1.3.12, OpenSSL-0.9.5d, I have had no problems for four years.I have spent ages trawling the internet for this problem but have not found a definitive solution.Guidance appreciated. TIA Peter Rose London UK
I don't like your fashion business, mister - Leonard Cohen / First We Take Manhattan --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx