handshake/connection errors

csross · October 30, 2008, 2:11pm

I'm running solaris openssl 097l and I upgraded to 098h. I see errors in the logs that seem like debugging errors that showed up, but seemed to happen in both versions I believe. I am using a certificate from another machine to test for this server. I believe the error messages generate when I access the page (as the IP is my PC), and the https pages does come up.

There are entries when I start ssl, and the entries when I request an https page. I've removed alot of lines that contain only debug errors and no messages.

1) I am seeing all debug errors (they are bolded)
2) In the same session, it seems to start different connections, and them some of them see to close badly (could that be when I look at the certificate)

Thank you in advance for any assistance.

[Thu Oct 30 10:45:22 2008] [info] Loading certificate & private key of SSL-aware server
[Thu Oct 30 10:45:22 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Thu Oct 30 10:45:26 2008] [info] Configuring server for SSL protocol
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(384): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(580): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(708): Configuring RSA server certificate
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(747): Configuring RSA server private key

[Thu Oct 30 10:46:31 2008] [info] [client 10.10.10.60] Connection to child 9 established (server The Server News)

[Thu Oct 30 10:46:31 2008] [info] Seeding PRNG with 0 bytes of entropy
[Thu Oct 30 10:46:31 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Oct 30 10:46:31 2008] [info] Connection: Client IP: 10.10.10.60, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)

[Thu Oct 30 10:46:31 2008] [debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#18f278 [mem: 1a50a8]

[Thu Oct 30 10:46:31 2008] [info] [client 10.10.10.60] (70014)End of file found: SSL input filter read failed.
[Thu Oct 30 10:46:31 2008] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully

[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection to child 16 established (server The Server News)

[Thu Oct 30 10:46:36 2008] [info] Seeding PRNG with 0 bytes of entropy
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
------------------------------+
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] (70014)End of file found: SSL input filter read failed.

[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection closed to child 16 with standard shutdown (server The Server News)
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection to child 14 established (server The Server News)

[Thu Oct 30 10:46:36 2008] [info] Seeding PRNG with 0 bytes of entropy
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Thu Oct 30 10:46:36 2008] [info] Initial (No.1) HTTPS request received for child 14 (server The Server News)
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection closed to child 14 with unclean shutdown (server The Server News)

[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection to child 17 established (server The Server News)
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#18f278 [mem: 19f090] (BIO dump follows)
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[Thu Oct 30 10:46:36 2008] [info] Initial (No.1) HTTPS request received for child 17 (server The Server News)
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection closed to child 17 with unclean shutdown (server The Server News)

incredible · October 31, 2008, 11:17am

This is due to a bug with IE whereby IE closes the SSL connection without issuing the proper SSL protocol

csgonan · November 10, 2008, 2:18pm

Thank you. Is there a fix for it either at the IE level or SSL?

csgonan · November 10, 2008, 2:43pm

hello,

I tried to access the same page in firefox and although I did not get all the "connection closed with unclean shutdown", I did get all the debugging output. What is causing the detailed output of the connection?

Also, I pulled up the same page on a server that is still running 0.9.7l and I did not get any messages, info or debug.

Any suggestions would be appreciated.

Thanks

csgonan · November 10, 2008, 3:39pm

I see the LogLevel in httpd.conf is set to debug, so that is causing the debug output.