Proxy Error During Ssl Handshake With Remote Server Returned By
Need help trouble shooting Https webserver error - SSL Handshake failed
http://serverfault.com/questions/356678/need-help-trouble-shooting-https-webserver-error-ssl-handshake-failed

I followed this guide: http://hints.macworld.com/article.php?story=20041129143420344 Here is my virtual host definition

proxy:error AH00898: Error during SSL Handshake with remote server
http://serverfault.com/questions/538086/proxyerror-ah00898-error-during-ssl-handshake-with-remote-server

I have a server that acts as a front-end for a cPanel mailserver in a network. The apache proxy on the front-end server ran for 152 days without fault then suddenly I now get 500/502 errors when using it to access the webmail clients of the mailserver. The front-end server uses a signed SSL cert, the cPanel server is using a self signed cert.

Here is the error log output from the front-end server when it first started happening:

[Tue Sep 10 18:22:52.959291 2013] [proxy:error] [pid 19531] (502)Unknown error 502: [client 173.xx.xx.xx:9558] AH01084: pass request body failed to 184.xx.xx.xx:2096 (184.xx.xx.xx), referer: https://domain.com:2096/cpsess12385596/3rdparty/roundcube/?_task=mail&_refresh=1&_mbox=INBOX
[Tue Sep 10 18:22:52.959469 2013] [proxy:error] [pid 19531] [client 173.xx.xx.xx:9558] AH00898: Error during SSL Handshake with remote server returned by /cpsess12385596/3rdparty/roundcube/, referer: https://domain.com:2096/cpsess12385596/3rdparty/roundcube/?_task=mail&_refresh=1&_mbox=INBOX

The front-end server is an EC2 instance running Apache/2.4.6 (Amazon). My VirtualHost setup for the proxy on this server is as follows:

<VirtualHost *:2096>
ServerName domain.com
SSLEngine on
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLCertificateFile /x/x/x/domain.com.crt
SSLCertificateKeyFil

Users getting HTTP 502 error accessing secure Web server via Access Gateway with TLS 1.2 enabled
NetIQ Knowledgebase document 7015539: https://www.netiq.com/support/kb/doc.php?id=7015539

Environment

NetIQ Access Manager 4.0
NetIQ Access Manager Access Gateway Service running on RHEL 6.5
TLS 1.2 OpenSSL enabled on Access Gateway as per https://www.netiq.com/documentation/netiqaccessmanager4/enable_tls_nam40/data/enable_tls_nam40.html
Reverse Proxy -> Web Servers -> Web Server Trusted Root: Do not verify enabled

Situation

Access Manager 4.0 was set up and working well. To improve security, all SSL/TLS transactions were set to use TLS 1.2. Both the NAM Identity Server and Access Gateway Server components were updated as per the above doc to enable TLS 1.2 (installed the additional apache package using the install_AG_Openssl101.sh script). After making the changes, all proxy services except one worked. Users accessing the problem secure Web server would get 502 errors, and the error_log file on the AG would report the following:

[error] (502)Unknown error 502: proxy: pass request body failed to 10.175.121.57:443 (10.175.121.57)
AMEVENTID#8: proxy: Error during SSL Handshake with remote server returned by

Tests were done adding a few SSL advanced options, but to no avail. These options included:

- SSLProxyCheckPeerCN off
- SSLProxyProtocol +SSLv2 +SSLv3 +TLSv1 +TLSv1.1
- SSLProxyVerify none

LAN traces show that the AG would close the TCP connection after the Server Hello Done is returned from the secure web server.

Resolution

Modified the Advanced Options for this proxy service to include the following:

SSLProxyCipherSuite ALL:!EDH:!DHE:!ECDHE:!ECDH:!ADH:RC4+RSA:!EDH:+HIGH:+MEDIUM:+LOW:!SSLv2:!3DES:!DES:+EXP

Cause

The cipher sent back from the Web server is something Apache failed to handle correctly, hence the TCP FIN to close the connection with the Web server. By using the SSLProxyCipherSuite advanced option above, the list of supported ciphers the AG could negotiate was reduced. The Web server then responded with a cipher that the AG supported, and the SSL handshake was able to complete successfully.

Apache 2.4.4 Reverse Proxy and SSL issue
https://www.apachelounge.com/viewtopic.php?t=5320

ravi, posted Tue 07 May '13 12:03

Hi all,

Apache is built with openssl OpenSSL/1.0.1e and I configured it with reverse proxy and ssl. When I requested https://localhost/ it gives response "it works!" and when I requested https://localhost/app1/ it gives the following message in the browser:

Proxy Error
The proxy server could not handle the request GET /app1/.
Reason: Error during SSL Handshake with remote server

When I open the apache error log file I found the following logs:

[Tue May 07 15:11:34.982849 2013] [ssl:warn] [pid 5272:tid 1988] AH02268: Proxy client certificate callback: (www.example.com:443) downstream server wanted client certificate but none are configured
[Tue May 07 15:11:34.992851 2013] [proxy_http:error] [pid 5272:tid 1988] (502)Unknown error: [client ::1:8839] AH01084: pass request body failed to 172.16.17.218:443 (172.16.17.218)
[Tue May 07 15:11:34.992851 2013] [proxy:error] [pid 5272:tid 1988] [client ::1:8839] AH00898: Error during SSL Handshake with remote server returned by /app1/
[Tue May 07 15:11:34.992851 2013] [proxy_http:error] [pid 5272:tid 1988] [client ::1:8839] AH01097: pass request body failed to 172.16.17.218:443 (172.16.17.218) from ::1 ()
[Tue May 07 15:11:35.010855 2013] [mpm_winnt:notice] [pid 6544:tid 732] AH00428: Parent: child process 5272 exited with status 3221225477 -- Restarting.
[Tue May 07 15:11:36.161085 2013] [ssl:wa