From: Bruce Ferrell
To: freebsd@dreamchaser.org, freebsd-questions@freebsd.org
Subject: Re: apache24 ssl setup problems; "unknown protocol" [Solved]
Date: Sun, 1 Apr 2018 21:56:47 -0700

On 04/01/2018 07:03 PM, Gary Aitken wrote:
> The problem turned out to be an apache configuration error related to
> virtual hosts.
>
> The openssl error message was:
>   SSL23_GET_SERVER_HELLO:unknown protocol
>
> I finally found this article (why I didn't get it on numerous other
> searches is somewhat of a mystery):
> https://stackoverflow.com/questions/15166950/unable-to-establish-ssl-connection-how-do-i-fix-my-ssl-cert#15168180
> which, while rather outdated in some respects, gives the right hint --
> the error is reported when the server sends back a normal http response
> instead of https.  An easy test for this is to try connecting in a
> browser to http[no s]://addr:443; if it works, the server isn't using
> ssl.
>
> I had enabled and tweaked extra/httpd-ssl.conf; also httpd-vhosts.conf.
> httpd-ssl.conf had ssl enabled so (default from install):
>
>     ...
>   SSLEngine on
>
> I had erroneously assumed including httpd-ssl.conf would turn it on
> in the general case.  The virtual host definitions were missing the
> directive to activate it.  Duh.  It's right there at the top of the
> apache web page which I had used when I started...
>
> Thanks Bruce for your patience.
>
> Gary
>

Oops!  I hate it when I do things like that... WAY too often
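
A scripted version of the check described in the quoted message, as an added example (not code from either poster): it sends a real TLS ClientHello to the port and classifies the first bytes of the reply, since a port that answers a TLS handshake with plain HTTP is the condition behind the "unknown protocol" error. The function names and the sample byte strings are constructed for illustration, and treating a reply that begins with `HTTP/` or `<` as plaintext HTTP is a heuristic assumption.

```python
import socket
import ssl


def client_hello(server_name: str) -> bytes:
    """Return the raw TLS ClientHello the local OpenSSL would send."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake stalls waiting for a ServerHello
    return outgoing.read()


def classify_reply(data: bytes) -> str:
    """Classify the first bytes a server sends back after a ClientHello."""
    if not data:
        return "no-reply"
    # TLS record header: content type (0x16 handshake, 0x15 alert),
    # followed by protocol major version 0x03.
    if len(data) >= 3 and data[1] == 0x03 and data[0] in (0x15, 0x16):
        return "tls-handshake" if data[0] == 0x16 else "tls-alert"
    # Heuristic: an HTTP status line, or a bare HTML error page, means the
    # listener on this port is not running TLS at all.
    head = data.lstrip()[:16].upper()
    if head.startswith(b"HTTP/") or head.startswith(b"<"):
        return "plaintext-http"
    return "unknown"


def probe(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify what comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            return classify_reply(sock.recv(64))
        except socket.timeout:
            return "no-reply"


# Constructed sample replies (not captured from a real server).
CONSTRUCTED_REPLIES = {
    "vhost without SSLEngine on": b"HTTP/1.1 400 Bad Request\r\n",
    "vhost with SSLEngine on": b"\x16\x03\x03\x00\x5a\x02\x00\x00\x56",
}

if __name__ == "__main__":
    for label, reply in CONSTRUCTED_REPLIES.items():
        print(f"{label}: {classify_reply(reply)}")
```

Against a live server, `probe("addr", 443)` returning `plaintext-http` points at a virtual host on that port with no `SSLEngine on`.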