Can't connect to ssl!

MtK

Normal web browsing shows the SSL certificate is fine and valid, but /var/log/error.log shows:
Code:
2010:06:24-22:30:08: Can't connect to ssl!
2010:06:24-22:30:08: -> A failure in the SSL library occurred, usually a rotocol error.
2010:06:24-22:30:08: -> error:00000001:lib(0):func(0):reason(1)


What could it be?

Btw, there seems to be a typo in the word: rotocol
 
What distro? What version of OpenSSL? What version of Apache?
Also show the output of the commands:
Code:
httpd -t -D DUMP_MODULES
and just to make sure everything is ok
Code:
netstat -tapn | grep :443

Cheers!
 
# httpd -t -D DUMP_MODULES
Code:
Loaded Modules:
 core_module (static)
 authn_file_module (static)
 authn_default_module (static)
 authz_host_module (static)
 authz_groupfile_module (static)
 authz_user_module (static)
 authz_default_module (static)
 auth_basic_module (static)
 include_module (static)
 filter_module (static)
 deflate_module (static)
 log_config_module (static)
 logio_module (static)
 env_module (static)
 headers_module (static)
 unique_id_module (static)
 setenvif_module (static)
 version_module (static)
 proxy_module (static)
 proxy_connect_module (static)
 proxy_ftp_module (static)
 proxy_http_module (static)
 proxy_scgi_module (static)
 proxy_ajp_module (static)
 proxy_balancer_module (static)
 ssl_module (static)
 mpm_prefork_module (static)
 http_module (static)
 mime_module (static)
 dav_module (static)
 status_module (static)
 autoindex_module (static)
 asis_module (static)
 suexec_module (static)
 cgi_module (static)
 dav_fs_module (static)
 dav_lock_module (static)
 negotiation_module (static)
 dir_module (static)
 actions_module (static)
 userdir_module (static)
 alias_module (static)
 rewrite_module (static)
 so_module (static)
 suphp_module (shared)
Syntax OK

# netstat -tapn | grep :443
Code:
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      14927/httpd

# openssl version
Code:
OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
# httpd -v
Code:
Server version: Apache/2.2.15 (Unix)
Server built:   Jun 21 2010 17:14:04
# uname -r
Code:
2.6.18-194.3.1.el5
(CentOS 5.5)
 
As I looked it over, it seems like somebody tried some weird HTTP client like curl or wget. You should ignore this message; it's an SSL protocol handshake mismatch because of new OpenSSL and old clients.
 
@MtK:

When I visit the site I notice that the blue browser identifier in Firefox goes away and the browser finds what it calls unauthenticated content. That generally means there are links to images on non-secure servers. Since these days the browser publishers are trying to educate people to look for the colored identifier next to the URL, you may want to look into that.

But the site does come up and is secure.

So I'd believe that localhost has identified the problem.

Jeff
 
Sorry to bump an old thread; however, I am currently experiencing this same situation:
Code:
2011:04:28-14:46:16: Can't connect to ssl!
2011:04:28-14:46:16: -> A failure in the SSL library occurred, usually a protocol error.
2011:04:28-14:46:16: -> error:00000001:lib(0):func(0):reason(1)
2011:04:28-14:47:27: Can't connect to ssl!
2011:04:28-14:47:27: ->syscall
2011:04:28-14:47:30: Can't connect to ssl!
2011:04:28-14:47:30: ->syscall
2011:04:28-14:47:30: Can't connect to ssl!
2011:04:28-14:47:30: ->syscall
2011:04:28-14:47:31: Can't connect to ssl!
2011:04:28-14:47:31: ->syscall
2011:04:28-14:47:31: Can't connect to ssl!
2011:04:28-14:47:31: ->syscall
2011:04:28-14:47:33: Can't connect to ssl!
2011:04:28-14:47:33: ->syscall
Has anyone managed to find out why? Is it OK to ignore it? The certificate works nevertheless.
Thanks
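
An added example, not part of any post in this thread: a small Python triage script that groups the error-log entries quoted above by cause (protocol error vs. syscall) and flags minutes with repeated failures, so occasional handshake noise can be told apart from a burst. The sample lines are constructed in the thread's log format, and the function names and the burst threshold of 3 are assumptions.

```python
import re
from collections import Counter
# Timestamp (captured to the minute), seconds, then the message text.
LINE = re.compile(r"^(\d{4}:\d\d:\d\d-\d\d:\d\d):\d\d: (.*)$")

# Constructed sample in the thread's log format (timestamps are made up).
SAMPLE = """\
2024:01:15-10:00:01: Can't connect to ssl!
2024:01:15-10:00:01: -> A failure in the SSL library occurred, usually a protocol error.
2024:01:15-10:00:01: -> error:00000001:lib(0):func(0):reason(1)
2024:01:15-10:05:10: Can't connect to ssl!
2024:01:15-10:05:10: ->syscall
2024:01:15-10:05:12: Can't connect to ssl!
2024:01:15-10:05:12: ->syscall
2024:01:15-10:05:40: Can't connect to ssl!
2024:01:15-10:05:40: ->syscall
"""

def parse_events(text):
    """Attach the '->' detail lines to the "Can't connect to ssl!" line before them."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines that are not in the timestamped format
        minute, msg = m.groups()
        if msg == "Can't connect to ssl!":
            events.append({"minute": minute, "details": []})
        elif msg.startswith("->") and events:
            events[-1]["details"].append(msg[2:].strip())
    return events

def classify(event):
    joined = " ".join(event["details"])
    if "rotocol error" in joined:  # also matches the "rotocol" spelling in the first post
        return "protocol"
    if "syscall" in joined:
        return "syscall"
    return "other"

def summarize(text, burst=3):
    """Return (count per kind, {minute: count} for minutes with >= burst events)."""
    events = parse_events(text)
    per_minute = Counter(e["minute"] for e in events)
    bursts = {m: n for m, n in per_minute.items() if n >= burst}
    return Counter(classify(e) for e in events), bursts

if __name__ == "__main__":
    print(summarize(SAMPLE))
```
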
 
I'm not sure I know the answer for this issue.
I've started DA in debug mode, and the only things I found were:
  • OS doesn't support IPv6. Dropped down to IPv4: (Address family not supported by protocol)
  • 7: User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.12 Safari/535.11
    didn't find the encrytped text
  • 5: Cookie: ....... DOMAIN.COM
    where the domain is not the correct one
 
Maybe this is useful for one of you: I also had this error, and after research I saw that I did not have the CA installed for one of my domains:
CA: Step 4: Install the CA Root Certificate > http://www.site-helper.com/ssl.html
I don't know if I will still have those error:00000001:lib(0):func(0):reason(1); I will check during the week(s).
It's very VERY important that you do, because without that your certificate will not work with users that have Windows and browse in Firefox... (but in my case it did work, so I never noticed, but after testing in VMware I noticed Firefox did not know the certificate!! :o)
 
I am also getting this error now

Code:
012:09:02-19:42:54: Can't connect to ssl!
2012:09:02-19:42:54: -> A failure in the SSL library occurred, usually a protocol error.
2012:09:02-19:42:54: -> error:00000001:lib(0):func(0):reason(1)
 