[users@httpd] Loading certificate and private key of SSL-aware server occurred 4 times in a row

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I've build successfully Apache 2.2.3 with OpenSSL 0.9.9[dev] and generated the ECC cert using with curve secp521r1. 
When I tried with openssl s_server, my client (Firefox) could browse to my site running on ECC cert successfully. 
But when I use my client to connect to my apache web server via 443, my client is getting the error 'Firefox can't connect securely to localhost because the site uses a security protocol which isn't enabled'. 

Interestingly the loading of cert actually occurred 4 times. Is this normal?

I've applied the fixes in bug 40132 to expose ECC cipher suites too. 

This is the latest log I've got when I set the log level to debug. 
[Tue Nov 07 10:18:25 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:25 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:27 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:27 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:27 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:27 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:28 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:28 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:29 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:29 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:29 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:29 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:30 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:30 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:30 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:31 2006] [info] Loading certificate & private key of SSL-aware server 
[Tue Nov 07 10:18:31 2006] [debug] ssl_engine_pphrase.c(469): unencrypted ECC private key - pass phrase not required 
[Tue Nov 07 10:18:33 2006] [info] Configuring server for SSL protocol 
[Tue Nov 07 10:18:33 2006] [debug] ssl_engine_init.c(408): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) 
[Tue Nov 07 10:18:33 2006] [debug] ssl_engine_init.c(608): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL] 
[Tue Nov 07 10:18:33 2006] [debug] ssl_engine_init.c(784): Configuring ECC server private key 
[Tue Nov 07 10:18:38 2006] [info] [client 127.0.0.1] Connection to child 249 established (server www.example.com:443) 
[Tue Nov 07 10:18:38 2006] [info] Seeding PRNG with 144 bytes of entropy 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1780): OpenSSL: Handshake: start 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1788): OpenSSL: Loop: before/accept initialization 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 11/11 bytes from BIO#53c8f8 [mem: 5d0010] (BIO dump follows) 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0000: 80 6d 01 03 00 00 54 00-00 00 10 .m....T.... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1775): OpenSSL: read 100/100 bytes from BIO#53c8f8 [mem: 5d001b] (BIO dump follows) 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1722): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0000: 00 c0 0a 00 c0 14 00 00-39 00 00 38 00 c0 0f 00 ........9..8.... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0010: c0 05 00 00 35 00 c0 07-00 c0 09 00 c0 11 00 c0 ....5........... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0020: 13 00 00 33 00 00 32 00-c0 0c 00 c0 0e 00 c0 02 ...3..2......... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0030: 00 c0 04 00 00 04 00 00-05 00 00 2f 00 c0 08 00 .........../.... | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0040: c0 12 00 00 16 00 00 13-00 c0 0d 00 c0 03 00 fe ................ | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0050: ff 00 00 0a 5b 50 b2 e9-25 9a 13 c4 60 5f 86 5e ....[P..%...`_.^ | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1747): | 0060: 9e 50 2c d8 .P,. | 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_io.c(1753): +-------------------------------------------------------------------------+ 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1798): OpenSSL: Write: SSLv3 read client hello B 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1817): OpenSSL: Exit: error in SSLv3 read client hello B 
[Tue Nov 07 10:18:38 2006] [debug] ssl_engine_kernel.c(1817): OpenSSL: Exit: error in SSLv3 read client hello B 
[Tue Nov 07 10:18:38 2006] [info] [client 127.0.0.1] SSL library error 1 in handshake (server www.example.com:443) 
[Tue Nov 07 10:18:38 2006] [info] SSL Library Error: 336109761 error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher Too restrictive SSLCipherSuite or using DSA server certificate? 
[Tue Nov 07 10:18:38 2006] [info] [client 127.0.0.1] Connection closed to child 249 with abortive shutdown (server www.example.com:443) 

Interestingly the loading of cert actually occurred 4 times. Is this normal?


	


	
		
__________________________________ 
What is the internet to you? 
Contribute to the Yahoo! Time Capsule and be a part of internet history. 
http://timecapsule.yahoo.com/capsule.php?intl=sg

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux