apache, mod_ssl => ssl handshake interrupted

TecServer
Provider
Posts: 91
Joined: 2006-04-08 21:41

Post by TecServer » 2007-09-23 18:57

Greetings everyone,

I purchased a real Thawte certificate and installed it, and it worked flawlessly for a good 6 months. Now, after the upgrade to Apache 2.2, HTTPS no longer works, and when the page is requested the following errors show up in the error_log:

Code:

[Sun Sep 23 18:21:47 2007] [info] [client 85.127.60.61] Connection to child 0 established (server www.domain.com:443)
[Sun Sep 23 18:21:47 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 18:21:47 2007] [info] Client requested a 'session-resume' but we have no such session.
[Sun Sep 23 18:21:47 2007] [info] Initial (No.1) HTTPS request received for child 0 (server www.domain.com:443)
[Sun Sep 23 18:21:47 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/favicon.ico
[Sun Sep 23 18:21:49 2007] [info] Subsequent (No.2) HTTPS request received for child 0 (server www.domain.com:443)
[Sun Sep 23 18:21:49 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/
[Sun Sep 23 18:21:49 2007] [info] Subsequent (No.3) HTTPS request received for child 0 (server www.domain.com:443)
[Sun Sep 23 18:21:49 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/favicon.ico
[Sun Sep 23 18:21:49 2007] [info] [client 85.127.60.61] Connection to child 1 established (server www.domain.com:443)
[Sun Sep 23 18:21:49 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 18:21:49 2007] [info] [client 85.127.60.61] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Sun Sep 23 18:21:49 2007] [info] [client 85.127.60.61] Connection closed to child 1 with abortive shutdown (server www.domain.com:443)
[Sun Sep 23 18:21:49 2007] [info] [client 85.127.60.61] Connection to child 2 established (server www.domain.com:443)
[Sun Sep 23 18:21:49 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 18:21:49 2007] [info] Initial (No.1) HTTPS request received for child 2 (server www.domain.com:443)
[Sun Sep 23 18:21:49 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/favicon.ico
[Sun Sep 23 18:22:04 2007] [info] [client 85.127.60.61] (70007)The timeout specified has expired: SSL input filter read failed.
[Sun Sep 23 18:22:04 2007] [info] [client 85.127.60.61] Connection closed to child 0 with standard shutdown (server www.domain.com:443)
[Sun Sep 23 18:22:04 2007] [info] [client 85.127.60.61] (70007)The timeout specified has expired: SSL input filter read failed.
[Sun Sep 23 18:22:04 2007] [info] [client 85.127.60.61] Connection closed to child 2 with standard shutdown (server www.domain.com:443)


On restart, the following output appears:

Code:

[Sun Sep 23 18:19:39 2007] [notice] caught SIGTERM, shutting down
[Sun Sep 23 18:19:40 2007] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sun Sep 23 18:19:40 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 18:19:40 2007] [info] Loading certificate & private key of SSL-aware server
[Sun Sep 23 18:19:40 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sun Sep 23 18:19:40 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sun Sep 23 18:19:40 2007] [info] Init: Initializing (virtual) servers for SSL
[Sun Sep 23 18:19:40 2007] [info] Configuring server for SSL protocol
[Sun Sep 23 18:19:40 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.8e
[Sun Sep 23 18:19:40 2007] [notice] Digest: generating secret for digest authentication ...
[Sun Sep 23 18:21:32 2007] [notice] Digest: done
[Sun Sep 23 18:21:32 2007] [info] Init: Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 18:21:32 2007] [info] Loading certificate & private key of SSL-aware server
[Sun Sep 23 18:21:32 2007] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[Sun Sep 23 18:21:32 2007] [info] Init: Generating temporary DH parameters (512/1024 bits)
[Sun Sep 23 18:21:32 2007] [info] Shared memory session cache initialised
[Sun Sep 23 18:21:32 2007] [info] Init: Initializing (virtual) servers for SSL
[Sun Sep 23 18:21:32 2007] [info] Configuring server for SSL protocol
[Sun Sep 23 18:21:32 2007] [info] mod_ssl/2.2.6 compiled against Server: Apache/2.2.6, Library: OpenSSL/0.9.8e
[Sun Sep 23 18:21:32 2007] [notice] Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e PHP/5.2.4-pl2-gentoo configured -- resuming normal operations
[Sun Sep 23 18:21:32 2007] [info] Server built: Sep 18 2007 10:32:12


According to server-info, mod_ssl is loaded correctly.
Does any of you have advice? I'm a bit confused that this no longer works, and the log information is rather sparse too.

Joe User
Project Manager
Posts: 11138
Joined: 2003-02-27 01:00
Location: Hamburg

Post by Joe User » 2007-09-23 19:34

Please post your complete mod_ssl configuration and the SSL vhost.

Post by TecServer » 2007-09-23 19:43

mod_ssl.conf

Code:

<IfDefine SSL>
  <IfModule !mod_ssl.c>
    LoadModule ssl_module    modules/mod_ssl.so
  </IfModule>
</IfDefine>

<IfModule mod_ssl.c>
#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned. 
#

#
# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the SSL library.
# The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
#
# Note: This must come before the <IfDefine SSL> container to support
#       starting without SSL on platforms with no /dev/random equivalent
#       but a statically compiled-in mod_ssl.
#
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#
# When we also provide SSL we have to listen to the
# standard HTTP port (see above) and to the HTTPS port
#

Listen 443

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#

<IfModule mod_mime.c>
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
</IfModule>

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.

SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
#SSLSessionCache        dbm:/var/cache/apache2/ssl_scache
SSLSessionCache         shm:/var/cache/apache2/ssl_scache(512000)
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization.

SSLMutex  file:/var/cache/apache2/ssl_mutex
</IfModule>


SSL vhost:

Code:

<VirtualHost *:443>
  ServerName www.domain.com
  ServerAlias www.domain.com
  DocumentRoot /var/www/domain

  ScriptAlias /cgi-bin/ /var/www/domain/cgi-bin/
  suPHP_ConfigPath /data/php/domain
  <IfModule mod_ssl.c>
    SSLEngine on
    SSLCertificateKeyFile /home/user/ssl/www_domain_com.key
    SSLCertificateFile /home/user/ssl/www_domain_com.cert

    SetEnvIf User-Agent ".*MSIE.*" \
      nokeepalive ssl-unclean-shutdown \
      downgrade-1.0 force-response-1.0
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
      SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/domain/cgi-bin">
      SSLOptions +StdEnvVars
    </Directory>
  </IfModule>
  suPHP_UserGroup domain domain
</VirtualHost>

Post by Joe User » 2007-09-23 20:28

Please set domain and the certificate paths appropriately yourself:

Code:

<IfModule ssl_module>
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl .crl
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    SSLPassPhraseDialog builtin
    SSLSessionCache shmcb:/var/run/ssl_scache(512000)
    SSLSessionCacheTimeout 300
    SSLMutex file:/var/run/ssl_mutex
    <VirtualHost _default_:443>
        ServerName domain:443
        ServerAdmin webmaster@domain
        DocumentRoot "/var/www/domain"
        <Directory "/var/www/domain">
            Options -All +FollowSymLinks
            AllowOverride Options FileInfo AuthConfig Limit
            Order allow,deny
            Allow from all
        </Directory>
        ErrorLog "/var/log/apache2/ssl_error_log"
        TransferLog "/var/log/apache2/ssl_access_log"
        SSLEngine on
        SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
        SSLCertificateFile "/etc/apache2/ssl/apache.crt"
        SSLCertificateKeyFile "/etc/apache2/ssl/apache.key"
        <FilesMatch "\.(cgi|shtml|pl|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory "/var/www/domain/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
        CustomLog "/var/log/apache2/ssl_request_log" "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
        suPHP_ConfigPath /data/php/domain
        suPHP_UserGroup domain domain
    </VirtualHost>
</IfModule>

Post by TecServer » 2007-09-23 20:40

That didn't help.

Now the following appears in the log on an SSL request:

Code:

[Sun Sep 23 20:32:58 2007] [info] Loading certificate & private key of SSL-aware server
[Sun Sep 23 20:32:58 2007] [info] Configuring server for SSL protocol
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] Connection to child 0 established (server www.domain.com:443)
[Sun Sep 23 20:32:58 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Sun Sep 23 20:32:58 2007] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] Connection to child 0 established (server www.domain.com:443)
[Sun Sep 23 20:32:58 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Sun Sep 23 20:32:58 2007] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] Connection to child 0 established (server www.domain.com:443)
[Sun Sep 23 20:32:58 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Sun Sep 23 20:32:58 2007] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] Connection to child 0 established (server www.domain.com:443)
[Sun Sep 23 20:32:58 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Sun Sep 23 20:32:58 2007] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] Connection to child 0 established (server www.domain.com:443)
[Sun Sep 23 20:32:58 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:32:58 2007] [info] [client 127.0.0.1] SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page
[Sun Sep 23 20:32:58 2007] [info] SSL Library Error: 336027804 error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request speaking HTTP to HTTPS port!?
[Sun Sep 23 20:33:01 2007] [info] Loading certificate & private key of SSL-aware server
[Sun Sep 23 20:33:01 2007] [info] Configuring server for SSL protocol
[Sun Sep 23 20:33:32 2007] [info] Loading certificate & private key of SSL-aware server
[Sun Sep 23 20:33:32 2007] [info] Configuring server for SSL protocol
[Sun Sep 23 20:35:28 2007] [info] [client 85.127.60.61] Connection to child 1 established (server www.domain.com:443)
[Sun Sep 23 20:35:28 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:35:28 2007] [info] Initial (No.1) HTTPS request received for child 1 (server www.domain.com:443)
[Sun Sep 23 20:35:28 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/
[Sun Sep 23 20:35:29 2007] [info] Subsequent (No.2) HTTPS request received for child 1 (server www.domain.com:443)
[Sun Sep 23 20:35:29 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/favicon.ico
[Sun Sep 23 20:35:29 2007] [info] [client 85.127.60.61] Connection to child 2 established (server www.domain.com:443)
[Sun Sep 23 20:35:29 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:35:29 2007] [info] [client 85.127.60.61] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[Sun Sep 23 20:35:29 2007] [info] [client 85.127.60.61] Connection closed to child 2 with abortive shutdown (server www.domain.com:443)
[Sun Sep 23 20:35:29 2007] [info] [client 85.127.60.61] Connection to child 3 established (server www.domain.com:443)
[Sun Sep 23 20:35:29 2007] [info] Seeding PRNG with 136 bytes of entropy
[Sun Sep 23 20:35:29 2007] [info] Subsequent (No.3) HTTPS request received for child 1 (server www.domain.com:443)
[Sun Sep 23 20:35:29 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/favicon.ico
[Sun Sep 23 20:35:29 2007] [info] Initial (No.1) HTTPS request received for child 3 (server www.domain.com:443)
[Sun Sep 23 20:35:29 2007] [error] [client 85.127.60.61] client denied by server configuration: /var/www/domain/favicon.ico
[Sun Sep 23 20:35:44 2007] [info] [client 85.127.60.61] (70007)The timeout specified has expired: SSL input filter read failed.
[Sun Sep 23 20:35:44 2007] [info] [client 85.127.60.61] Connection closed to child 1 with standard shutdown (server www.domain.com:443)
[Sun Sep 23 20:35:44 2007] [info] [client 85.127.60.61] (70007)The timeout specified has expired: SSL input filter read failed.
[Sun Sep 23 20:35:44 2007] [info] [client 85.127.60.61] Connection closed to child 3 with standard shutdown (server www.domain.com:443)

Post by Joe User » 2007-09-23 20:59

Code:

emerge --info

emerge -pv apache openssl

rc-update show

Post by TecServer » 2007-09-23 21:04

emerge --info:

Code:

emerge --info
Portage 2.1.3.9 (default-linux/x86/2006.1, gcc-4.1.2, glibc-2.5-r4, 2.6.22-gentoo-r2 i686)
=================================================================
System uname: 2.6.22-gentoo-r2 i686 Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Timestamp of tree: Mon, 17 Sep 2007 16:20:01 +0000
app-shells/bash:     3.2_p17
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r6
sys-apps/baselayout: 1.12.9-r2
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61-r1
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17-r1
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.24
virtual/os-headers:  2.6.21
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=pentium4 -O2 -pipe -mmmx -msse"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php4/ext-active/ /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php4/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php4/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-march=pentium4 -O2 -pipe -mmmx -msse"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks metadata-transfer parallel-fetch sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://gentoo.inode.at/source/ http://gentoo.intergenia.de http://gd.tuwien.ac.at/opsys/linux/gentoo/ http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/"
LINGUAS="de"
MAKEOPTS="-j3"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="apache2 bcmath berkdb big-tables bitmap-fonts bzip2 bzlib calendar cgi checkpath cjk clamav clamd cli cracklib crypt ctype curl curlwrappers dbx dri exif extraengine force-cgi-redirect fortran ftp gd gdbm gpm graphicsmagick hash iconv imagemagick imap innodb ipv6 isdnlog jpeg k latin1 ldap libwww maildir mhash midi mime mudflap mysql ncurses nls nptl nptlonly openmp pam pam-mysql pcre pdf pdo perl perll php png ppds pppd python readline reflection sasl session sharedmem simplexml soap sockets spamd spl sse2 ssl subject-rewrite symlink tcpd truetype-fonts type1-fonts unicode vroot x86 xml xmlreader xmlrpc xmlwriter xorg xsl zip zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="apm ark chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mach64 mga neomagic nsc nv r128 radeon rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LC_ALL, LDFLAGS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS


emerge -pv apache openssl:

Code:

[ebuild   R   ] www-servers/apache-2.2.6  USE="ldap ssl -debug -doc -mpm-event -mpm-itk -mpm-peruser -mpm-prefork -mpm-worker -no-suexec (-selinux) -static-modules -threads" 0 kB 
[ebuild   R   ] dev-libs/openssl-0.9.8e-r2  USE="sse2 zlib -bindist -emacs -test" 0 kB


I don't know what you want with rc-update show - it can't have anything to do with this :-/
In any case, apache is on default ;)

Post by Joe User » 2007-09-23 21:29

What are you actually running there, a desktop or a server?
http://www.rootforum.org/wiki/howto/gentoo

`rc-update show` would have shown whether `rc-update add urandom boot` would have solved your problem. However, since you are missing USE flags that are essential for server operation and are instead using countless USE flags meant for desktop use, that point is moot anyway. Your main problem, especially with OpenSSL, incidentally lies in your C(XX)FLAGS...

Post by TecServer » 2007-09-23 21:32

urandom is already set to boot. A server is being run - which USE flags would you set for that?

Where do you see the problem with the C flags?

Post by Joe User » 2007-09-23 21:40

Just read my HowTo for Gentoo Hardened on root servers in the wiki; I have already posted the link. Your C(XX)FLAGS contain "-mmmx -msse", which is deadly not only for OpenSSL...

Post by TecServer » 2007-09-23 21:41

I'm already reading through the tutorial.
The question I have, though: why did SSL work with Apache 2.0 then, and why does it also work on the other server I own? -mmmx -msse is set there as well.

Post by TecServer » 2007-09-27 10:20

Greetings Joe,

I did a few things on my server again and adapted them to the instructions in your tutorial, but unfortunately there is still no improvement in sight :(
Do you perhaps have any other advice? Could it be that the SSL module got damaged by the switch from Apache 2.0 to 2.2? After all, Apache fundamentally changed its API, which is why I had to recompile suPHP as well - maybe mod_ssl doesn't exist for 2.2 yet?

Post by Joe User » 2007-09-27 10:48

mod_ssl has been one of the standard modules since Apache 2.0 and is therefore always compatible with the respective Apache version.
Unfortunately, I can't reproduce your error on my system:

Code:

gentoo ~ # emerge -pv apache openssl

These are the packages that would be merged, in order:

Calculating dependencies... done!
[ebuild   R   ] www-servers/apache-2.2.6-r1  USE="mpm-worker ssl threads -debug -doc -ldap -mpm-event -mpm-itk -mpm-peruser -mpm-prefork -no-suexec (-selinux) -static-modules" 0 kB
[ebuild   R   ] dev-libs/openssl-0.9.8e-r2  USE="sse2 zlib -bindist -emacs -test" 0 kB

Total: 2 packages (2 reinstalls), Size of downloads: 0 kB
gentoo ~ #

For the configuration, see the wiki.

Post by TecServer » 2007-10-01 02:38

The problem has been found and eliminated. It looks like it is not enough for the new mod_ssl if only the DocRoot is specified; a Directory directive must also be specified in the SSL vhost, otherwise the system acts up with the SSL error messages above.
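
The resolution in the last post, as an added example that is not part of the thread or of Apache: a small Python check that flags SSL vhosts whose DocumentRoot is not covered by an access-granting `<Directory>` block inside the vhost, which is the situation that goes with the `client denied by server configuration` lines in the logs above. The sample configs are constructed from the two vhosts posted in the thread, the function names are hypothetical, and `<Directory>` blocks outside the vhost are deliberately not considered.

```python
import re

# Constructed samples: the first mirrors the vhost from the thread (no
# <Directory> for the DocumentRoot), the second the variant that grants access.
VHOST_WITHOUT_DIRECTORY = """
<VirtualHost *:443>
  ServerName www.domain.com
  DocumentRoot /var/www/domain
  SSLEngine on
  <Directory "/var/www/domain/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>
</VirtualHost>
"""

VHOST_WITH_DIRECTORY = """
<VirtualHost _default_:443>
  ServerName domain:443
  DocumentRoot "/var/www/domain"
  <Directory "/var/www/domain">
    Order allow,deny
    Allow from all
  </Directory>
  SSLEngine on
</VirtualHost>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)
DIR_RE = re.compile(r"<Directory\s+\"?([^\">]+)\"?\s*>(.*?)</Directory>", re.S | re.I)
DOCROOT_RE = re.compile(r"^\s*DocumentRoot\s+\"?([^\"\s]+)\"?", re.M | re.I)
SSL_ON_RE = re.compile(r"^\s*SSLEngine\s+on\b", re.M | re.I)
# Apache 2.2 style "Allow from ..." or 2.4 style "Require all granted/ip/host".
GRANT_RE = re.compile(
    r"^\s*(Allow\s+from\s+\S+|Require\s+(all\s+granted|ip|host)\b)", re.M | re.I
)


def covers(directory_path, docroot):
    """True if directory_path is the DocumentRoot itself or one of its parents."""
    d = directory_path.strip().rstrip("/")
    r = docroot.rstrip("/")
    return r == d or r.startswith(d + "/")


def audit_vhosts(config_text):
    """Return (vhost address, DocumentRoot, finding) for every SSL vhost whose
    DocumentRoot has no access-granting <Directory> block inside the vhost."""
    findings = []
    for address, body in VHOST_RE.findall(config_text):
        docroot_match = DOCROOT_RE.search(body)
        if not SSL_ON_RE.search(body) or not docroot_match:
            continue
        docroot = docroot_match.group(1)
        blocks = [b for p, b in DIR_RE.findall(body) if covers(p, docroot)]
        if not blocks:
            finding = "no <Directory> block covers DocumentRoot"
        elif not any(GRANT_RE.search(b) for b in blocks):
            finding = "covering <Directory> block grants no access"
        else:
            continue
        findings.append((address.strip(), docroot, finding))
    return findings


if __name__ == "__main__":
    for sample in (VHOST_WITHOUT_DIRECTORY, VHOST_WITH_DIRECTORY):
        print(audit_vhosts(sample) or "ok")
```
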