unknown protocol speaking not SSL to HTTPS port on apache2 reload/restart

Bug #795315 reported by Forest
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Triaged
Low
Unassigned

Bug Description

Binary package hint: apache2

After enabling ssl on my apache2 installation, doing an apache2 reload or restart produces messages like this in the error log:

SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?

These are explained here:

http://wiki.apache.org/httpd/InternalDummyConnection#SSL_Considerations

Simply reordering the Listen directives in /etc/apache2/ports.conf solves the problem. I'm attaching a patch.

Tags: patch
Revision history for this message
Forest (foresto) wrote :
tags: added: patch
Revision history for this message
Dave Walker (davewalker) wrote :

Thanks for reporting this issue and attaching a patch! I'd like to clarify which release you are seeing this behaviour on, as my understanding of upstream is that it was resolved in their trunk ~2 years ago. I would have expected this to be fixed in a later release of ubuntu when the upstream fix reached us.

However, if this is not the case - we need to investigate further. Marking Incomplete pending clarification where this behaviour is being witnessed.

Thanks!

Changed in apache2 (Ubuntu):
status: New → Incomplete
Revision history for this message
Forest (foresto) wrote :

This was seen on Ubuntu Maverick just a week or two ago.

Changed in apache2 (Ubuntu):
status: Incomplete → New
Revision history for this message
Scott Moser (smoser) wrote :

I'm marking this triaged, It seems like:
a.) it could easily be fixed in ubuntu
b.) it is very low priority
c.) Per apache svn 2.3.1 [1], this is fixed in releases 2.3.1 and newer. Ubuntu [2] is at 2.2.19. It might make more sense to cherry pick the upstream commit if possible [3]
d.) we'd like to forward it to debian.

--
[1] http://svn.apache.org/viewvc?view=revision&revision=726065
[2] https://launchpad.net/ubuntu/+source/apache2
[3] http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm_common.c?r1=722399&r2=726065&pathrev=726065

Changed in apache2 (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Scott Moser (smoser) wrote :

Heres a debdiff that we could apply to oneiric to cherry pick the SVN commit from apache.
I've also just now pushed this to my ppa (https://launchpad.net/~smoser/+archive/ppa), so a build will appear there later.

It would be great if you can verify if that fixes the warning. I just ran out of time to do so.

Revision history for this message
Scott Moser (smoser) wrote :

@Forest,
  Could you verify if the debdiff/ppa build fix the issue for you?
  You can re-build for your release, or use a vm , or test on EC2 or Eucalyptus Community Cloud (http://open.eucalyptus.com/CommunityCloud#Signup).

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.