Login or Register to Ask a Question and Join Our Community


Solaris

handshake/connection errors

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Solaris handshake/connection errors
# 1  
Old 10-30-2008
handshake/connection errors
I'm running solaris openssl 097l and I upgraded to 098h. I see errors in the logs that seem like debugging errors that showed up, but seemed to happen in both versions I believe. I am using a certificate from another machine to test for this server. I believe the error messages generate when I access the page (as the IP is my PC), and the https pages does come up.

There are entries when I start ssl, and the entries when I request an https page. I've removed alot of lines that contain only debug errors and no messages.

1) I am seeing all debug errors (they are bolded)
2) In the same session, it seems to start different connections, and them some of them see to close badly (could that be when I look at the certificate)

Thank you in advance for any assistance.

[Thu Oct 30 10:45:22 2008] [info] Loading certificate & private key of SSL-aware server
[Thu Oct 30 10:45:22 2008] [debug] ssl_engine_pphrase.c(469): unencrypted RSA private key - pass phrase not required
[Thu Oct 30 10:45:26 2008] [info] Configuring server for SSL protocol
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(384): Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(580): Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(708): Configuring RSA server certificate
[Thu Oct 30 10:45:26 2008] [debug] ssl_engine_init.c(747): Configuring RSA server private key

[Thu Oct 30 10:46:31 2008] [info] [client 10.10.10.60] Connection to child 9 established (server The Server News)

[Thu Oct 30 10:46:31 2008] [info] Seeding PRNG with 0 bytes of entropy
[Thu Oct 30 10:46:31 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Oct 30 10:46:31 2008] [info] Connection: Client IP: 10.10.10.60, Protocol: TLSv1, Cipher: RC4-MD5 (128/128 bits)

[Thu Oct 30 10:46:31 2008] [debug] ssl_engine_io.c(1828): OpenSSL: I/O error, 5 bytes expected to read on BIO#18f278 [mem: 1a50a8]

[Thu Oct 30 10:46:31 2008] [info] [client 10.10.10.60] (70014)End of file found: SSL input filter read failed.
[Thu Oct 30 10:46:31 2008] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully

[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection to child 16 established (server The Server News)

[Thu Oct 30 10:46:36 2008] [info] Seeding PRNG with 0 bytes of entropy
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
------------------------------+
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: SSLv3 read client hello A
Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] (70014)End of file found: SSL input filter read failed.

[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1770): OpenSSL: Write: SSL negotiation finished successfully
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection closed to child 16 with standard shutdown (server The Server News)
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection to child 14 established (server The Server News)

[Thu Oct 30 10:46:36 2008] [info] Seeding PRNG with 0 bytes of entropy
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1752): OpenSSL: Handshake: start
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_kernel.c(1760): OpenSSL: Loop: before/accept initialization
[Thu Oct 30 10:46:36 2008] [info] Initial (No.1) HTTPS request received for child 14 (server The Server News)
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection closed to child 14 with unclean shutdown (server The Server News)

[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection to child 17 established (server The Server News)
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_io.c(1817): OpenSSL: read 11/11 bytes from BIO#18f278 [mem: 19f090] (BIO dump follows)
[Thu Oct 30 10:46:36 2008] [debug] ssl_engine_io.c(1795): +-------------------------------------------------------------------------+
[Thu Oct 30 10:46:36 2008] [info] Initial (No.1) HTTPS request received for child 17 (server The Server News)
[Thu Oct 30 10:46:36 2008] [info] [client 10.10.10.60] Connection closed to child 17 with unclean shutdown (server The Server News)
# 2  
Old 10-31-2008
This is due to a bug with IE whereby IE closes the SSL connection without issuing the proper SSL protocol
# 3  
Old 11-10-2008
Thank you. Is there a fix for it either at the IE level or SSL?
# 4  
Old 11-10-2008
hello,

I tried to access the same page in firefox and although I did not get all the "connection closed with unclean shutdown", I did get all the debugging output. What is causing the detailed output of the connection?

Also, I pulled up the same page on a server that is still running 0.9.7l and I did not get any messages, info or debug.

Any suggestions would be appreciated.

Thanks
# 5  
Old 11-10-2008
I see the LogLevel in httpd.conf is set to debug, so that is causing the debug output.
Last edited by csgonan; 11-10-2008 at 05:25 PM..
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

How keep running a program n an another computer via a connection ssh when the connection is closed?

Hi everybody, I am running a program on a supercomputer via my personal computer through a ssh connection. My program take more than a day to run, so when I left work with my PC I stop the connection with the supercomputer and the program stop. I am wondering if someone know how I can manage... (2 Replies)
Discussion started by: TomTomGre
2 Replies

2. UNIX for Dummies Questions & Answers

No mail sending - Deferred: 403 4.7.0 TLS handshake failed

Please help! I am in urgent need of assistance. What started out as a small problem with IMAP folders not working seems to have spread. Our mail server, Scalix running on CentOS 5.5 isn't sending out any mail. There are now over 400 emails queued waiting to go out, all of which give the... (0 Replies)
Discussion started by: beckyboo
0 Replies

3. Solaris

Solaris 10 ftp connection problem (connection refused, connection timed out)

Hi everyone, I am hoping anyone of you could help me in this weird problem we have in 1 of our Solaris 10 servers. Lately, we have been having some ftp problems in this server. Though it can ping any server within the network, it seems that it can only ftp to a select few. For most servers, the... (4 Replies)
Discussion started by: labdakos
4 Replies

4. UNIX for Advanced & Expert Users

Connection reset by peer..closing connection

Hello I'm facing the above problem while doing a performance run. I've a script which I'm launching from my windows desktop using mozilla. The script will invoke backend action on a Solaris host which in turn feeds the records to a driver located on a linux box(Cent OS). What's happening is... (1 Reply)
Discussion started by: subramanyab
1 Replies

5. UNIX for Dummies Questions & Answers

windows linux handshake !!

hi i wanted to know how to read the status of RTS/CTS line using ioctl calls....i am programming using c/c++ and linux if someone can post a code snippet or suggest a book for the same...it will be very helpful.... 2. also i will like to know can a windows application and a rtos application... (1 Reply)
Discussion started by: nivea_jmd
1 Replies

6. IP Networking

Incomplete three way handshake

I've got a strange problem with a single mail sender (it is one of those large free mail providers). My mail server works well with thousands of senders but not this one, so we have made a connection dump and it seems that the three way handshake is not completed 15:55:59.177431 IP... (0 Replies)
Discussion started by: 3wayTrouble
0 Replies

7. UNIX for Dummies Questions & Answers

Major OS errors/Bash errors help!!!!

Hi all, dummy here.... I have major errors on entering the shell. On login I get: -bash: dircolors: command not found -bash: tr: command not found -bash: fgrep: command not found -bash: grep: command not found -bash: grep: command not found -bash: id: command not found -bash: [: =: unary... (12 Replies)
Discussion started by: wcmmlynn
12 Replies

8. AIX

Adapter Errors and Link Errors

$ errpt | more IDENTIFIER TIMESTAMP T C RESOURCE_NAME DESCRIPTION 3074FEB7 0802050205 T H fscsi1 ADAPTER ERROR B8113DD1 0802050205 T H fcs1 LINK ERROR B8113DD1 0802050205 T H fcs1 LINK ERROR 3074FEB7 0802050205 T H fscsi0 ADAPTER ERROR B8113DD1 ... (2 Replies)
Discussion started by: mcastill66
2 Replies

9. UNIX for Advanced & Expert Users

Adapter Errors and Link Errors

$ errpt | more IDENTIFIER TIMESTAMP T C RESOURCE_NAME DESCRIPTION 3074FEB7 0802050205 T H fscsi1 ADAPTER ERROR B8113DD1 0802050205 T H fcs1 LINK ERROR B8113DD1 0802050205 T H fcs1 LINK ERROR 3074FEB7 0802050205 T H fscsi0 ADAPTER ERROR B8113DD1 ... (0 Replies)
Discussion started by: mcastill66
0 Replies

10. Programming

Three way handshake

Hi , I am mukesh. i would like to know the procedure of 3 - way handshake. (1 Reply)
Discussion started by: mukeshmca2
1 Replies
Login or Register to Ask a Question