Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 1 Apr 2018 20:03:37 -0600
From:      Gary Aitken <freebsd@dreamchaser.org>
To:        Bruce Ferrell <bferrell@baywinds.org>, freebsd-questions@freebsd.org
Subject:   Re: apache24 ssl setup problems; "unknown protocol" [Solved]
Message-ID:  <b2fc47c5-fc0b-3e1b-22ea-244c96610c7c@dreamchaser.org>
In-Reply-To: <cc91a72c-f373-3438-c60c-8c519ac2afd9@dreamchaser.org>
References:  <acd1c4b7-72ce-0fd2-a640-4b3c22299a75@dreamchaser.org> <fc3125a2-14a1-6fe5-cc67-0a32f9361657@baywinds.org> <3ebae04a-4928-7979-9100-b0c3317a5284@dreamchaser.org> <eab52606-6f62-d88f-0682-9fe3ce1f470c@baywinds.org> <210673da-f441-491f-7de4-f4bfbadbf5a5@dreamchaser.org> <80dadfa7-ea5f-4027-f862-e1cd39f5694b@baywinds.org> <cc91a72c-f373-3438-c60c-8c519ac2afd9@dreamchaser.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
The problem turned out to be an apache configuration error related to
virtual hosts.

The openssl error message was:
   SSL23_GET_SERVER_HELLO:unknown protocol

I finally found this article (why I didn't get it on numerous other
searches is somewhat of a mystery):
   https://stackoverflow.com/questions/15166950/unable-to-establish-ssl-connection-how-do-i-fix-my-ssl-cert#15168180
which, while rather outdated in some respects, gives the right hint --
the error is reported when the server sends back a normal http response
instead of https.  An easy test for this is to try connecting in a
browser to http[no s]://addr:443; if it works, the server isn't using
ssl.

I had enabled and tweaked extra/httpd-ssl.conf; also httpd-vhosts.conf.
httpd-ssl.conf had ssl enabled so (default from install):
   <VirtualHost _default_:443>
     ...
   SSLEngine on

I had erroneously assumed including httpd-ssl.conf would turn it on
in the general case.  The virtual host definitions were missing the
directive to activate it.  Duh.  It's right there at the top of the
apache web page which I had used when I started...

Thanks Bruce for your patience.

Gary

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b2fc47c5-fc0b-3e1b-22ea-244c96610c7c>