Re: (104)Connection reset by peer: SSL input filter read failed.

[Igor Cicimov <icicimov@xxxxxxxxx>]

Hi,

Using "ProxyRequests off" means the apache is going to be a reverse proxy but I can't see your ProxyPassreverse statement. Also the order of the proxy commands is little bit weird. I wold do it in this way:

ProxyRequests off
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyPassReverse / https://10.10.0.1:8443/

ProxyHTMLURLMap https://itsmtest/
 /

Cheers,
Igor

On Fri, Jul 2, 2010 at 12:28 AM, Mauri <lain80@xxxxxxxxx> wrote:

Hi expert,

my application crashes (BMC Remedy) in the same point.
This is my enviroment: Client --> SSL to Apache Prox --> Tomcat on 8996.

In the apache log i'm reading this error:

[Thu Jul 01 16:37:25 2010] [debug] ssl_engine_io.c(1821): OpenSSL: I/O error, 3237 bytes expected to read on BIO#8a2fdf8 [mem: 8a4d420]
[Thu Jul 01 16:37:25 2010] [info] [client 10.10.0.1] (104)Connection reset by peer: SSL input filter read failed.
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] (104)Connection reset by peer: proxy: error reading status line from remote server 10.10.0.1, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] mod_proxy_http.c(1466): [client 10.173.202.231] proxy: NOT Closing connection to client although reading from backend server 10.10.0.1 failed., referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [error] [client 10.173.202.231] proxy: Error reading from remote server returned by /arsys/plugins/AtriumWidget/messagebroker/amfsecure, referer: https://itsmtest/arsys/atrium/AtriumConsole.swf
[Thu Jul 01 16:37:25 2010] [debug] proxy_util.c(2062): proxy: HTTPS: has released connection for (10.10.0.1)

What kind of check can I do?

Many thanks for all suggest, as usual
Cheers,
Mauri

this is my server:

[root@Proxy1 httpd]# uname -a
Linux Proxy1 2.6.18-128.el5 #1 SMP Wed Dec 17 11:42:39 EST 2008 i686 i686 i386 GNU/Linux
[root@Proxy1 httpd]# rpm -qa | grep httpd
httpd-manual-2.2.3-31.el5_4.2
system-config-httpd-1.3.3.3-1.el5
httpd-2.2.3-31.el5_4.2
httpd-devel-2.2.3-31.el5_4.2

this is my ssl.conf configuration:

LoadModule ssl_module modules/mod_ssl.so
LoadFile   /usr/lib/libxml2.so
LoadModule proxy_html_module modules/mod_proxy_html.so
LoadModule xml2enc_module modules/mod_xml2enc.so

Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
NameVirtualHost itsmtest:443
<VirtualHost itsmtest:443>
ServerName itsmtest
ErrorLog logs/ictitsm_ssl_error_log_443
TransferLog logs/ictitsm_ssl_access_log_443
LogLevel Debug
ProxyHTMLLogVerbose On
ProxyPreserveHost On
ProxyPass / https://10.10.0.1:8443/
ProxyHTMLURLMap https://itsmtest/ /
ProxyRequests off
SetEnv force-proxy-request-1.0 1
SetEnv proxy-nokeepalive 1
SetEnv proxy-initial-not-pooled 1
timeout 900

<Location />
        ProxyPassReverse https://itsmtest/
        ProxyHTMLEnable On
        ProxyHTMLMeta On
        ProxyHTMLURLMap  /      /
        RequestHeader    unset  Accept-Encoding
</Location>

SSLEngine on
SSLProxyEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/httpd/cert/proxy_coll_new.crt
SSLCertificateKeyFile /etc/httpd/cert/proxy_coll_new.key
SSLCertificateChainFile /etc/httpd/cert/GlobalCA.cer

<Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
</Directory>
SetEnv proxy-nokeepalive 1
SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>