Date:      Sat, 31 Mar 2018 16:20:00 -0600
From:      Gary Aitken <freebsd@dreamchaser.org>
To:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   apache24 ssl setup problems; "unknown protocol"
Message-ID:  <acd1c4b7-72ce-0fd2-a640-4b3c22299a75@dreamchaser.org>

Hi all,

I'm trying to set up apache24 ssl for the first time; getting nowhere
very slowly.

Server starts up ok, serves port 80 normally as usual.
sockstat shows it listening on 443 ok.

When I attempt to connect I get this:

$ openssl s_client -connect 192.168.151.101:443
CONNECTED(00000003)
34379279064:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:782:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 291 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
     Protocol  : TLSv1.2
     Cipher    : 0000
     Session-ID:
     Session-ID-ctx:
     Master-Key:
     Key-Arg   : None
     PSK identity: None
     PSK identity hint: None
     SRP username: None
     Start Time: 1522531949
     Timeout   : 300 (sec)
     Verify return code: 0 (ok)

I assume the problem is the unknown protocol issue, but it's not clear
to me what the unknown protocol it's looking for is.
My extra/httpd-ssl.conf says:
   SSLProtocol all -SSLv3
and my extra/httpd-vhosts.conf does not override it.
The error log simply says:
    [core:debug] [pid 13758] protocol.c(1272): ... : request failed: malformed request line

Running apache24-2.4.25_1 on a 10.3 amd64

Thanks,

Gary
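
Added example, not part of the original message: one way to check whether the listener on 443 answers a TLS ClientHello with plain HTTP instead of a TLS record, which would be consistent with both the s_client "unknown protocol" error and the "malformed request line" entry in the Apache log. The function names and the sample replies are constructed for illustration; only Python's standard socket and ssl modules are used.

```python
import socket
import ssl

# TLS record content types (first byte of every TLS record).
TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def classify_first_bytes(data: bytes) -> str:
    """Say what kind of reply the first bytes from a server look like."""
    if len(data) < 5:
        return "too-short"
    ctype, major, minor = data[0], data[1], data[2]
    length = int.from_bytes(data[3:5], "big")
    # Record header: type(1) | version(2), major is 3 | length(2), bounded by the spec.
    if ctype in TLS_TYPES and major == 3 and minor <= 4 and 0 < length <= 16384 + 2048:
        return "tls-" + TLS_TYPES[ctype]
    head = data.lstrip().lower()
    if head.startswith((b"http/", b"<!doc", b"<html")):
        return "plaintext-http"
    return "unknown"

def client_hello(server_name: str) -> bytes:
    """Build a real ClientHello in memory (no network) using the ssl module."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for the server's reply
    return outgoing.read()

def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify the first bytes that come back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        return classify_first_bytes(sock.recv(64))

# Constructed sample replies (not captured from the poster's server).
SAMPLES = {
    "tls_server_hello": bytes.fromhex("160303004a0200"),
    "tls_alert": bytes.fromhex("15030300020228"),
    "http_400": b"HTTP/1.1 400 Bad Request\r\n",
    "html_body": b"<!DOCTYPE HTML PUBLIC",
}

if __name__ == "__main__":
    for name, reply in SAMPLES.items():
        print(f"{name:18} -> {classify_first_bytes(reply)}")
```

If `probe("192.168.151.101")` returns `plaintext-http`, the listener on 443 is not running TLS for that connection, and the place to look is whether `SSLEngine on` is in effect for the virtual host that handles that port.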



