Openssl Exit Error In Sslv3 Read Certificate Verify A
Contents |
Start here for a quick overview of the site Help Center Detailed answers to any questions you might have
Openssl: I/o Error, 5 Bytes Expected To Read On Bio
Meta Discuss the workings and policies of this site About Us failed in sslv3 read client certificate a Learn more about Stack Overflow the company Business Learn more about hiring developers or posting ads with
Openssl: I/o Error, 7 Bytes Expected To Read On
us Server Fault Questions Tags Users Badges Unanswered Ask Question _ Server Fault is a question and answer site for system and network administrators. Join them; it only openssl exit error in sslv3 read client hello c takes a minute: Sign up Here's how it works: Anybody can ask a question Anybody can answer The best answers are voted up and rise to the top OpenSSL Handshake Failure (14094410) - Erroneous Client Certificate Check from Mobile Phone up vote 0 down vote favorite I'm running a proxy server through Apache with modssl, which we're openssl: exit: error in sslv2/v3 read client hello a using to proxy POSTs from mobile devices to another internal server. This works successfully for most clients, but requests from a specific phone model (Nokia 2690) are showing a bizarre handshake failure. It looks as though OpenSSL is either requesting (or attempting to read an unsolicited) client certificate from the phone (which is especially bizarre because j2me's kssl implementation doesn't support client certs). I've disabled client certificates with the SSLVerifyClient none directive in both the virtual host conf and the modssl conf. The trace from error.log on debug level is (details redacted): [client 41.220.207.10] Connection to child 0 established (server www.myserver.org:443) [info] Seeding PRNG with 656 bytes of entropy [debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization [debug] ssl_engine_io.c(1882): OpenSSL: read 11/11 bytes from BIO#7fe3fbaf17a0 [mem: 7fe3fbaf90d0] (BIO dump follows) [debug] ssl_engine_io.c(1815): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1860): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1882): OpenSSL: read 49/49 bytes from BIO#7fe3fbaf17a0 [mem: 7fe3fbaf90db] (BIO dump follows) [debug] ssl_engine_io.c(1815): +-------------------------------------------------------------------------+ [debug] ssl_engine_io.c(1860): +-------------------------------------------------------------------------+ [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: SSLv3 read client hello A [debug] ssl_engine_kernel.c(1
here for a quick overview of the site Help Center Detailed answers to any questions you might have Meta Discuss the workings and policies of this site About Us Learn more
End Of File Found Ssl Input Filter Read Failed
about Stack Overflow the company Business Learn more about hiring developers or posting openssl logs ads with us Stack Overflow Questions Jobs Documentation Tags Users Badges Ask Question x Dismiss Join the Stack Overflow Community Stack
Re-negotiation Handshake Failed: Not Accepted By Client!?
Overflow is a community of 6.2 million programmers, just like you, helping each other. Join them; it only takes a minute: Sign up Error in SSLv2/SSLv3 read client hello up vote 4 down vote http://serverfault.com/questions/279189/openssl-handshake-failure-14094410-erroneous-client-certificate-check-from-m favorite Some Background: I am trying to setup reverse proxy for my internal business users for site validation when the external route is down. I am able to setup multiple routes with corresponding virtualhosts entries in httpd.conf for port 80 : anonymous user. Am afraid am stuck at SSL route and unable to make progress. I have been to multiple forums but unable to find a response which assists http://stackoverflow.com/questions/31303077/error-in-sslv2-sslv3-read-client-hello me in moving further. Server Details: Apache version: Apache/2.2.29 (Unix) Linux Version: $ cat /etc/*-release Enterprise Linux Enterprise Linux Server release 5.8 (Carthage) Oracle Linux Server release 5.8 Red Hat Enterprise Linux Server release 5.8 (Tikanga) Problem: When I try to access over SSL (*:443) I get empty response on all 3 browsers (IE/Chrome/Firefox). Note: I generated self signed certificate following instructions at How to Create and Install an Apache Self Signed Certificate. Troubleshooting Error Log [Wed Jul 08 23:16:06 2015] [notice] Digest: generating secret for digest authentication ... [Wed Jul 08 23:16:06 2015] [notice] Digest: done [Wed Jul 08 23:16:06 2015] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x21b6ff0 rmm=0x21b7048 for VHOST: stgwww.cos.agilent.com [Wed Jul 08 23:16:06 2015] [debug] util_ldap.c(1990): LDAP merging Shared Cache conf: shm=0x21b6ff0 rmm=0x21b7048 for VHOST: stgwww.cos.agilent.com [Wed Jul 08 23:16:06 2015] [info] APR LDAP: Built with OpenLDAP LDAP SDK [Wed Jul 08 23:16:06 2015] [info] LDAP: SSL support available [Wed Jul 08 23:16:06 2015] [info] mod_unique_id: using ip addr 127.0.0.1 [Wed Jul 08 23:16:07 2015] [info] Init: Seeding PRNG with 144 bytes of entropy [Wed Jul 08 23:16:07 2015] [info] Loading certificate & private key of SSL-aware server [Wed Jul 08 23:16:07 2015] [debug] ssl_engine_pphrase.c(470): unencrypted RSA private key
♦ Locked 4 messages yermej@gmail.com Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Getting "OpenSSL: Exit: error in SSLv3 read client certificate A" when client connects I'm using OpenSSL 0.9.8o 01 Jun 2010 on Debian http://openssl.6102.n7.nabble.com/Getting-quot-OpenSSL-Exit-error-in-SSLv3-read-client-certificate-A-quot-when-client-connects-td42184.html 6.0.2. Client verification is disabled. I've written a SOAP server app that uses SSL. The only client that connects to it is completely out of my control. Though there have been no changes on either end that I'm aware of, the client is no longer able to connect to the server. I can see from the error message that something is going wrong during the SSL handshake, but I have no idea what (the actual server uses ruby & soap4r). I'm just getting error in the error message "SSL_accept SYSCALL returned=5 errno=0 state=SSLv3 read client certificate A" I set up apache on the server and was able to get a more detailed error message which is at http://pastebin.com/vvnLi9BQ Basically, it seems like the client is sending an EOF before the handshake is complete, but I've been assured that the client is working just as it's always been. Also this client connects to several other companies' servers and I believe they're all still working correctly. I'm pretty sure in sslv3 read the client is written in Java in case that matters. I can connect to the server with a browser just fine. Is this a common issue? Any suggestions for a fix or work-around? A web search hasn't turned up much of anything. Thanks, Jeremy yermej@gmail.com Reply | Threaded Open this post in threaded view ♦ ♦ | Report Content as Inappropriate ♦ ♦ Re: Getting "OpenSSL: Exit: error in SSLv3 read client certificate A" when client connects I now have an ssldump of an incoming connection. I think it shows the client is closing the connection before the handshake is even complete. Is there any way the server is responsible for this behavior? Thanks. New TCP connection #4: xxxxx.com(12900) <-> a.b.c.d(443) 4 1 0.0362 (0.0362) C>S Handshake ClientHello Version 3.1 cipher suites TLS_RSA_WITH_RC4_128_MD5 TLS_RSA_WITH_RC4_128_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_WITH_3DES_EDE_CBC_SHA compression methods NULL 4 2 0.0365 (0.0003) S>C Handshake ServerHello Version 3.1 session_id[32]= 4c 37 df 98 4e c2 6d 26 28 23 67 4e ab 79 fd 4d f7 a8 e0 7e d8 47 37 38 c8 cc 06 db 43 f1 e3 a0