On Wed, Jan 26, 2011 at 23:00, Daniel Stenberg <daniel@xxxxxxx> wrote: >> curl/openssl 0.9.8k <-> apache/openssl 1.0.0 -> error > >> I'm not sure what to take away from this. Maybe it's a problem that is >> partly caused by both apache and curl? > > Could be. I just have a hard time to see why code in curl that has worked > for so many years suddenly would stop working. It just so feels like else > changed. Well, it's definitely a possibility that neither Apache nor Curl are at fault but OpenSSL. The strange thing is that I could not produce any failure with the OpenSSL command line tool. But that doesn't mean that openssl is completely innocent. > This error (or something similar to it) is often seen when we try to talk > plain HTTP to a HTTPS server or vice versa. Did you verify that HTTPS was > working fine on that port when you ran the OpenSSL 1.0.0 version of the > server? No, it definitely worked before with curl/openssl 1.0.0 and all kinds of browsers. Also, as I wrote, it worked with the OpenSSL 0.9.8k command line tool. > Perhaps it is possible to add verbose level and further debug log stuff in > the server to see what makes it suddenly decide the handshake is bad. I didn't find much in this direction in the apache docs, unfortunately... http://httpd.apache.org/docs/2.2/mod/mod_ssl.html Next thing I'll try is to check whether I can reproduce this using a different distribution that also uses OpenSSL 1.0.0. I'll let you know when I have the results... Best, Mika -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html