From: Gary Aitken
Reply-To: freebsd@dreamchaser.org
To: FreeBSD Mailing List
Subject: apache24 ssl setup problems; "unknown protocol"
Date: Sat, 31 Mar 2018 16:20:00 -0600

Hi all,

I'm trying to set up apache24 ssl for the first time; getting nowhere very slowly. Server starts up ok, serves port 80 normally as usual. sockstat shows it listening on 443 ok.

When I attempt to connect I get this:

  $ openssl s_client -connect 192.168.151.101:443
  CONNECTED(00000003)
  34379279064:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
  ---
  no peer certificate available
  ---
  No client certificate CA names sent
  ---
  SSL handshake has read 7 bytes and written 291 bytes
  ---
  New, (NONE), Cipher is (NONE)
  Secure Renegotiation IS NOT supported
  Compression: NONE
  Expansion: NONE
  SSL-Session:
      Protocol : TLSv1.2
      Cipher : 0000
      Session-ID:
      Session-ID-ctx:
      Master-Key:
      Key-Arg : None
      PSK identity: None
      PSK identity hint: None
      SRP username: None
      Start Time: 1522531949
      Timeout : 300 (sec)
      Verify return code: 0 (ok)

I assume the problem is the unknown protocol issue, but it's not clear to me what the unknown protocol it's looking for is.

My extra/httpd-ssl.conf says:

  SSLProtocol all -SSLv3

and my extra/httpd-vhosts.conf does not override it.

The error log simply says:

  [core:debug] [pid 13758] protocol.c(1272): ... : request failed: malformed request line

Running apache24-2.4.25_1 on a 10.3 amd64

Thanks,
Gary
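
One way to check what the listener on port 443 actually sends back to a TLS ClientHello (an added example, not part of the original message): OpenSSL reports "unknown protocol" when the first bytes of the reply are not a TLS record, so the check below sends a minimal ClientHello and classifies the reply as a TLS record or cleartext. The names client_hello, classify_reply, probe_socket and probe are hypothetical, and the sample replies are constructed, not captured from the poster's server.

```python
import os
import socket
import struct

# TLS record content types (RFC 5246, section 6.2.1)
RECORD_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}


def client_hello() -> bytes:
    """Build a minimal TLS 1.2 ClientHello offering one suite, TLS_RSA_WITH_AES_128_CBC_SHA."""
    body = b"\x03\x03" + os.urandom(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


def classify_reply(data: bytes) -> str:
    """Say whether the first bytes of a server reply are a TLS record or cleartext."""
    if not data:
        return "empty: peer closed without replying"
    if len(data) >= 5:
        # Record header: content type (1), version major/minor (2), length (2)
        ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
        if ctype in RECORD_TYPES and major == 3 and minor <= 4 and length <= 2**14 + 2048:
            return f"tls: {RECORD_TYPES[ctype]} record, version 3.{minor}, length {length}"
    # Printable ASCII at the start means the peer answered in cleartext (e.g. HTTP or HTML)
    if all(32 <= b < 127 or b in (9, 10, 13) for b in data[:8]):
        first_line = data.splitlines()[0].decode("latin-1")
        return f"plaintext: {first_line}"
    return "unknown: " + data[:16].hex()


def probe_socket(sock: socket.socket) -> str:
    """Send the ClientHello on a connected socket and classify what comes back."""
    sock.sendall(client_hello())
    return classify_reply(sock.recv(4096))


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Connect to host:port and report whether the listener answers with TLS."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return probe_socket(sock)


if __name__ == "__main__":
    # Constructed replies, not captured from the poster's server.
    print(classify_reply(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n"))
    print(classify_reply(bytes.fromhex("15030300020228")))  # fatal handshake_failure alert
```

A "plaintext" result from probe() on the HTTPS port means the listener parsed the ClientHello as an HTTP request; a "tls" result, even an alert, means TLS is being spoken on that port.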