![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
jbsegal[Mon Mar 29 20:31:42 2004] [error] [client 65.78.24.140] Invalid method in request \x80m\x01\x03\x01
I can find lots of email archive threads discussing GETTING this error, but none that actually discusses fixing it in any sort of useful detail.
My webserver starts up JUST fine (according to the logs) and shows NO problems, until a client tries to connect to :443.
Anyone? Bueller?
The request (on the browser side) is just for https://site.dom.ain/
I can find lots of email archive threads discussing GETTING this error, but none that actually discusses fixing it in any sort of useful detail.
My webserver starts up JUST fine (according to the logs) and shows NO problems, until a client tries to connect to :443.
Anyone? Bueller?
The request (on the browser side) is just for https://site.dom.ain/
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
It's a bad request.
Date: 2004-03-29 05:53 pm (UTC)Do an SSL hit on it. lynx https://localhost/ and see if it goes okay. You should see an SSL session setup and teardown.
Re: It's a bad request.
Date: 2004-03-29 06:20 pm (UTC)> lynx https://localhost/
. . .
Alert!: Unable to make secure connection to remote host.
lynx: Can't access startfile https://localhost/
no subject
Date: 2004-03-29 05:56 pm (UTC)no subject
Date: 2004-03-29 06:25 pm (UTC)> apachectl configtest
Syntax OK
(I was going to post bits of my httpd.conf here...want to take a look at it?)
i think we're both right...
Date: 2004-03-29 06:43 pm (UTC)look for your ssl errorlog? you should have access_log, error_log for normal HTTP hits, but also ssl_engine.log and perhaps ssl_request.log
ssl_engine.log should ahve some good input.
Re: i think we're both right...
Date: 2004-03-29 06:53 pm (UTC)The ssl_errlog
( ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
)
is and always has been empty - iirc, EVEN WHEN THIS WAS WORKING on a previous machine - although the Engine log
( SSLLog logs/ssl_engine_log
) gets content.
Fuck. No, it's not empty...but it's not updating anything like you'd expect. I've got
[Mon Mar 29 18:55:41 2004] [error] mod_ssl: Init: (www.lse.org:443) Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Mar 29 18:55:41 2004] [error] OpenSSL: error:0B080074:lib(11):func(128):reason(116)
as the only content, though I've run numerous tests during the past 3-4 hours (it's 21:50 now and I tested just before cating the log.)
the engine_log says, for the last startup:
[29/Mar/2004 21:32:25 19452] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.12, Library: OpenSSL/0.9.6b
[29/Mar/2004 21:32:25 19452] [info] Init: 1st startup round (still not detached)
[29/Mar/2004 21:32:25 19452] [info] Init: Initializing OpenSSL library
[29/Mar/2004 21:32:25 19452] [info] Init: Loading certificate & private key of SSL-aware server www.dom.ain:443
[29/Mar/2004 21:32:25 19452] [info] Init: Requesting pass phrase via builtin terminal dialog
[29/Mar/2004 21:32:34 19452] [info] Init: Requesting pass phrase via builtin terminal dialog
[29/Mar/2004 21:32:41 19452] [info] Init: Wiped out the queried pass phrases from memory
[29/Mar/2004 21:32:41 19452] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2004 21:32:41 19452] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[29/Mar/2004 21:32:44 19452] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2004 21:32:46 19470] [info] Init: 2nd startup round (already detached)
[29/Mar/2004 21:32:46 19470] [info] Init: Reinitializing OpenSSL library
[29/Mar/2004 21:32:46 19470] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2004 21:32:46 19470] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[29/Mar/2004 21:32:46 19470] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2004 21:32:46 19470] [info] Init: Initializing (virtual) servers for SSL
[29/Mar/2004 21:32:46 19470] [info] Init: Configuring server www.dom.ain:443 for SSL protocol
So there's something in the httpd.conf...
(or NOT in it, or something.)
What I /think/ is the important section follows:
The ssl_errlog
( ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
)
is and always has been empty - iirc, EVEN WHEN THIS WAS WORKING on a previous machine - although the Engine log
( SSLLog logs/ssl_engine_log
) gets content.
Fuck. No, it's not empty...but it's not updating anything like you'd expect. I've got
[Mon Mar 29 18:55:41 2004] [error] mod_ssl: Init: (www.lse.org:443) Unable to configure RSA server private key (OpenSSL library error follows)
[Mon Mar 29 18:55:41 2004] [error] OpenSSL: error:0B080074:lib(11):func(128):reason(116)
as the only content, though I've run numerous tests during the past 3-4 hours (it's 21:50 now and I tested just before cating the log.)
the engine_log says, for the last startup:
[29/Mar/2004 21:32:25 19452] [info] Server: Apache/1.3.27, Interface: mod_ssl/2.8.12, Library: OpenSSL/0.9.6b
[29/Mar/2004 21:32:25 19452] [info] Init: 1st startup round (still not detached)
[29/Mar/2004 21:32:25 19452] [info] Init: Initializing OpenSSL library
[29/Mar/2004 21:32:25 19452] [info] Init: Loading certificate & private key of SSL-aware server www.dom.ain:443
[29/Mar/2004 21:32:25 19452] [info] Init: Requesting pass phrase via builtin terminal dialog
[29/Mar/2004 21:32:34 19452] [info] Init: Requesting pass phrase via builtin terminal dialog
[29/Mar/2004 21:32:41 19452] [info] Init: Wiped out the queried pass phrases from memory
[29/Mar/2004 21:32:41 19452] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2004 21:32:41 19452] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[29/Mar/2004 21:32:44 19452] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2004 21:32:46 19470] [info] Init: 2nd startup round (already detached)
[29/Mar/2004 21:32:46 19470] [info] Init: Reinitializing OpenSSL library
[29/Mar/2004 21:32:46 19470] [info] Init: Seeding PRNG with 136 bytes of entropy
[29/Mar/2004 21:32:46 19470] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[29/Mar/2004 21:32:46 19470] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[29/Mar/2004 21:32:46 19470] [info] Init: Initializing (virtual) servers for SSL
[29/Mar/2004 21:32:46 19470] [info] Init: Configuring server www.dom.ain:443 for SSL protocol
So there's something in the httpd.conf...
(or NOT in it, or something.)
What I /think/ is the important section follows:
<IfDefine HAVE_SSL>
<VirtualHost www.dom.ain:443>
DocumentRoot "/var/www/html"
ServerName www.dom.ain
ServerAdmin webmaster@dom.ain
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/server.crt
SSLCACertificatePath /etc/httpd/conf/ssl.crt/
SSLVerifyClient optional
SSLVerifyDepth 10
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</VirtualHost>
</IfDefine>
What am I missing?
Re: i think we're both right...
Date: 2004-03-29 07:13 pm (UTC)Re: i think we're both right...
Date: 2004-03-29 08:02 pm (UTC)