About 3 days ago our Apache logs started filling with the following errors:
[Fri Jan 22 12:20:38 2010] [error] mod_ssl: SSL handshake failed (server <weberver>:443, client 41.235.234.172) (OpenSSL library error follows)
[Fri Jan 22 12:20:38 2010] [error] OpenSSL: error:1408A0B7:SSL routines:SSL3_GET_CLIENT_HELLO:no ciphers specified
These initially were happening at rate of about 3000 per minute and we started blocking IP addresses at our firewall. The rate has no dropped to about 500 per minute. The problem is the IP addresses are relatively random and we do not have the manpower to keep adding IP address continuely to the firewall ( in the last 24 hours there were over 100,000 individual IPs). We also are hesitant to block large IP ranges.
My question is:
Is there some kind tool that can be installed on our firewall that could catch these requests before they reach our webservers?
The firewall is an OpenBSD machine.
This problem has been affecting connectivity to our webservers.