Date: Sun, 1 Apr 2018 20:03:37 -0600 From: Gary Aitken <freebsd@dreamchaser.org> To: Bruce Ferrell <bferrell@baywinds.org>, freebsd-questions@freebsd.org Subject: Re: apache24 ssl setup problems; "unknown protocol" [Solved] Message-ID: <b2fc47c5-fc0b-3e1b-22ea-244c96610c7c@dreamchaser.org> In-Reply-To: <cc91a72c-f373-3438-c60c-8c519ac2afd9@dreamchaser.org> References: <acd1c4b7-72ce-0fd2-a640-4b3c22299a75@dreamchaser.org> <fc3125a2-14a1-6fe5-cc67-0a32f9361657@baywinds.org> <3ebae04a-4928-7979-9100-b0c3317a5284@dreamchaser.org> <eab52606-6f62-d88f-0682-9fe3ce1f470c@baywinds.org> <210673da-f441-491f-7de4-f4bfbadbf5a5@dreamchaser.org> <80dadfa7-ea5f-4027-f862-e1cd39f5694b@baywinds.org> <cc91a72c-f373-3438-c60c-8c519ac2afd9@dreamchaser.org>
next in thread | previous in thread | raw e-mail | index | archive | help
The problem turned out to be an apache configuration error related to virtual hosts. The openssl error message was: SSL23_GET_SERVER_HELLO:unknown protocol I finally found this article (why I didn't get it on numerous other searches is somewhat of a mystery): https://stackoverflow.com/questions/15166950/unable-to-establish-ssl-connection-how-do-i-fix-my-ssl-cert#15168180 which, while rather outdated in some respects, gives the right hint -- the error is reported when the server sends back a normal http response instead of https. An easy test for this is to try connecting in a browser to http[no s]://addr:443; if it works, the server isn't using ssl. I had enabled and tweaked extra/httpd-ssl.conf; also httpd-vhosts.conf. httpd-ssl.conf had ssl enabled so (default from install): <VirtualHost _default_:443> ... SSLEngine on I had erroneously assumed including httpd-ssl.conf would turn it on in the general case. The virtual host definitions were missing the directive to activate it. Duh. It's right there at the top of the apache web page which I had used when I started... Thanks Bruce for your patience. Gary
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b2fc47c5-fc0b-3e1b-22ea-244c96610c7c>