OK, following my last thread, now I've got an SSL issue of it timing out. Seems the handshake isn't occurring.
Ubuntu 10.04
ports.conf
Code:
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost *:80
Listen 80
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerName web.site.com
SSLEngine On
SSLCertificateFile /etc/ssl/priv/public.crt
SSLCertificateKeyFile /etc/ssl/priv/ssl.key
SSLCACertificateFile /etc/ssl/priv/intermediate.crt
</VirtualHost>
NameVirtualHost *:443
Listen 443
</IfModule>
Also placed this in my
/etc/apache2/sites-enabled/ssl
Code:
<VirtualHost *:443>
DocumentRoot /var/www
SSLEngine on
#SSLOptions +StrictRequire
SSLCertificateFile /etc/ssl/priv/public.crt
SSLCertificateKeyFile /etc/ssl/priv/ssl.key
SSLCACertificateFile /etc/ssl/priv/intermediate.crt
ServerAdmin me@localhost
</VirtualHost>
iptables -L -n -v produces:
Code:
14331 788K ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
Chain ufw-user-limit (0 references)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 0 level 4 prefix `[UFW LIMIT BLOCK] '
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0
Chain ufw-user-logging-forward (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-input (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-logging-output (0 references)
pkts bytes target prot opt in out source destination
Chain ufw-user-output (1 references)
pkts bytes target prot opt in out source destination
Out of my ssl log:
Code:
[Wed Aug 15 21:14:42 2012] [info] [client 127.0.0.1] Connection to child 7 established (server web.site.com:443)
[Wed Aug 15 21:14:42 2012] [info] Seeding PRNG with 648 bytes of entropy
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_kernel.c(1916): OpenSSL: Handshake: start
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_kernel.c(1924): OpenSSL: Loop: before/accept initialization
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_io.c(1909): OpenSSL: read 11/11 bytes from BIO#b8d78160 [mem: b8d8b7e0] (BIO dump follows)
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_io.c(1842): +-------------------------------------------------------------------------+
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_io.c(1881): | 0000: 5f 40 45 59 5f 5e 53 20-2a 20 48 OPTIONS * H |
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_io.c(1887): +-------------------------------------------------------------------------+
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_kernel.c(1953): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Aug 15 21:14:42 2012] [info] [client 127.0.0.1] SSL library error 1 in handshake (server web.site.com:443)
[Wed Aug 15 21:14:42 2012] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Aug 15 21:14:42 2012] [info] [client 127.0.0.1] Connection closed to child 7 with abortive shutdown (server web.site.com:443)
So I see the "error in SSLv2/v3 read" line which seems to indicate where my problem is, but researching that hasn't yielded any real assistance.
Little help?
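Added example, not part of the original post and not Apache code: a small Python diagnostic covering the two things the log above and the timeout symptom call for. First, it parses mod_ssl error_log lines of the shape shown and pairs each "[client X] SSL library error ... in handshake" line with the "SSL Library Error:" line that follows it, then separates "unknown protocol / speaking not SSL to HTTPS port" failures that originate on loopback (Apache's own internal dummy connection sends a plaintext "OPTIONS *" to its listener on restart, which yields exactly that message) from ones coming from remote clients that fetched http:// on port 443. Second, it probes a host:port with a real TLS handshake and reports a TCP or handshake timeout (no reply at all, which is how dropped packets from a missing firewall rule look) as distinct from a refused connection, a plaintext responder, or a certificate chain problem. The sample log is constructed from the post's lines plus one invented remote-client event (203.0.113.7, a documentation address); the plaintext stub server exists only so the probe can be exercised offline.

```python
"""Diagnostics for mod_ssl 'speaking not SSL to HTTPS port' events and for
checking whether a TLS listener is reachable. Added example; assumptions are
marked in comments."""
import ipaddress
import re
import socket
import ssl
import threading

# Constructed sample: the post's log lines plus one invented remote-client event.
SAMPLE_LOG = """\
[Wed Aug 15 21:14:42 2012] [info] [client 127.0.0.1] Connection to child 7 established (server web.site.com:443)
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_kernel.c(1916): OpenSSL: Handshake: start
[Wed Aug 15 21:14:42 2012] [debug] ssl_engine_kernel.c(1953): OpenSSL: Exit: error in SSLv2/v3 read client hello A
[Wed Aug 15 21:14:42 2012] [info] [client 127.0.0.1] SSL library error 1 in handshake (server web.site.com:443)
[Wed Aug 15 21:14:42 2012] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Aug 15 21:14:42 2012] [info] [client 127.0.0.1] Connection closed to child 7 with abortive shutdown (server web.site.com:443)
[Wed Aug 15 21:20:03 2012] [info] [client 203.0.113.7] SSL library error 1 in handshake (server web.site.com:443)
[Wed Aug 15 21:20:03 2012] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
"""

# Apache 2.2 error_log shape: [timestamp] [level] [client IP] message.
# Apache 2.4 writes [client IP:port]; the port is stripped in _client_host().
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] (?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")
OPENSSL_ERR_RE = re.compile(r"error:[0-9A-Fa-f]+:(?P<lib>[^:]+):(?P<func>[^:]+):(?P<reason>.*)")


def _client_host(client):
    # "1.2.3.4:51234" -> "1.2.3.4"; bare IPv6 literals (several colons) are left alone
    return client.rsplit(":", 1)[0] if client.count(":") == 1 else client


def classify(client, reason):
    """Verdict for one failed handshake, from the client address and OpenSSL reason text."""
    low = reason.lower()
    if "unknown protocol" in low or "http request" in low:
        if ipaddress.ip_address(_client_host(client)).is_loopback:
            # Apache's internal dummy connection ("OPTIONS *" in plaintext, sent to
            # its own listener on restart) lands here; it is noise, not a client problem.
            return "loopback-plaintext"
        return "remote-plaintext"   # someone spoke plain HTTP to the TLS port
    return "other-handshake-error"


def handshake_failures(text):
    """Pair each '[client X] SSL library error ... in handshake' line with the
    'SSL Library Error:' line after it and return one dict per event."""
    events, pending = [], None
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, msg = m.group("client"), m.group("msg")
        if client and msg.startswith("SSL library error") and "in handshake" in msg:
            pending = (m.group("ts"), client)
        elif pending and msg.startswith("SSL Library Error:"):
            ts, client = pending
            e = OPENSSL_ERR_RE.search(msg)
            reason = e.group("reason").strip() if e else msg
            events.append({"timestamp": ts, "client": client, "reason": reason,
                           "verdict": classify(client, reason)})
            pending = None
    return events


# OpenSSL reason codes a client sees when the far end answers in plaintext.
NOT_TLS_REASONS = {"WRONG_VERSION_NUMBER", "UNKNOWN_PROTOCOL", "HTTP_REQUEST", "PACKET_LENGTH_TOO_LONG"}


def probe_tls(host, port, timeout=5.0, server_hostname=None):
    """TCP connect plus TLS handshake; returns a short verdict string. Certificate
    verification stays on so a bad chain shows up as its own verdict."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=server_hostname or host) as tls:
                return "tls-ok:" + (tls.version() or "")
    except (socket.timeout, TimeoutError):
        return "timeout"          # no SYN/ACK or no handshake reply: dropped packets look like this
    except ConnectionRefusedError:
        return "refused"          # nothing listening, or an explicit reject
    except ssl.SSLCertVerificationError:
        return "tls-cert-error"   # handshake happened, chain/hostname did not verify
    except ssl.SSLError as e:
        return "not-tls" if e.reason in NOT_TLS_REASONS else "tls-handshake-error:%s" % e.reason
    except OSError as e:
        return "error:" + e.__class__.__name__


def start_plaintext_stub(host="127.0.0.1"):
    """Test helper: a listener that answers any connection with plain HTTP, so the
    probe can be exercised offline. Returns the bound port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(4096)  # the probe's ClientHello, read as if it were a request
            conn.sendall(b"HTTP/1.0 400 Bad Request\r\nConnection: close\r\n\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    for ev in handshake_failures(SAMPLE_LOG):
        print(ev["timestamp"], ev["client"], ev["verdict"], "-", ev["reason"])
    print("probe against plaintext stub:", probe_tls("127.0.0.1", start_plaintext_stub()))
    # Against a real host: probe_tls("web.site.com", 443) -> "timeout" means the
    # packets never get an answer; "not-tls" means something answers in plaintext.
```

Run it as a script to see the two verdicts for the sample log and the probe result against the stub; point `probe_tls()` at the real host name and port 443 from another machine to tell a silent drop apart from a handshake that starts and fails.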