|
Hi, I am running apache 2.2.15 with openssl 0.9.8k. I have a
site configured to authenticate with user certs. The problem is that when I
assess the site with firefox 3.6.9, it works fine, but when I assess it with
3.6.2 or older versions of firefox, it doesn’t work. In the browser, the
following error message is shown: SSL peer was not expecting a handshake message it received. (Error code: ssl_error_handshake_unexpected_alert) At the beginning of the log, I see this: [Mon Sep 20 11:20:36 2010] [debug]
ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client hello A [Mon Sep 20 11:20:36 2010] [debug]
ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server hello A [Mon Sep 20 11:20:36 2010] [debug] ssl_engine_kernel.c(1874):
OpenSSL: Loop: SSLv3 write certificate A [Mon Sep 20 11:20:36 2010] [debug]
ssl_engine_kernel.c(1274): [client 10.125.236.119] handing out temporary 1024
bit DH key [Mon Sep 20 11:20:36 2010] [debug]
ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write key exchange A [Mon Sep 20 11:20:36 2010] [debug]
ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 write server done A [Mon Sep 20 11:20:36 2010] [debug]
ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 flush data And at the end of the log, I see this: [Mon Sep 20 11:20:58 2010] [debug]
ssl_engine_kernel.c(1884): OpenSSL: Write: SSLv3 read client key exchange A [Mon Sep 20 11:20:58 2010] [debug]
ssl_engine_kernel.c(1903): OpenSSL: Exit: error in SSLv3 read client key
exchange A [Mon Sep 20 11:20:58 2010] [error] [client 10.125.236.119]
Re-negotiation handshake failed: Not accepted by client!? Note that the “handing out temporary 1024 bit DH
key” line does not exist in the log when I am using firefox 3.6.9. I have
also tested it with IE6 and IE8. All work fine and the “handing out
temporary …” line is not in the log. I suspect this is what is
causing the issue. Can someone please advise? Thanks.
Jackie _______________________________________________ This e-mail may contain
information that is confidential, privileged or otherwise protected from
disclosure. If you are not an intended recipient of this e-mail, do not
duplicate or redistribute it by any means. Please delete it and any attachments
and notify the sender that you have received it in error. Unless specifically
indicated, this e-mail is not an offer to buy or sell or a solicitation to buy
or sell any securities, investment products or other financial product or
service, an official confirmation of any transaction, or an official statement
of Barclays. Any views or opinions presented are solely those of the author and
do not necessarily represent those of Barclays. This e-mail is subject to terms
available at the following link: www.barcap.com/emaildisclaimer.
By messaging
with Barclays you consent to the foregoing. Barclays Capital is the investment
banking division of Barclays Bank PLC, a company registered in _______________________________________________ |
|