unknown protocol speaking not SSL to HTTPS port on apache2 reload/restart

Bug #795315 reported by Forest on 2011-06-10
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
apache2 (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: apache2

After enabling ssl on my apache2 installation, doing an apache2 reload or restart produces messages like this in the error log:

SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?

These are explained here:

http://wiki.apache.org/httpd/InternalDummyConnection#SSL_Considerations

Simply reordering the Listen directives in /etc/apache2/ports.conf solves the problem. I'm attaching a patch.

Forest (foresto) wrote :
tags: added: patch
Dave Walker (davewalker) wrote :

Thanks for reporting this issue and attaching a patch! I'd like to clarify which release you are seeing this behaviour on, as my understanding of upstream is that it was resolved in their trunk ~2 years ago. I would have expected this to be fixed in a later release of ubuntu when the upstream fix reached us.

However, if this is not the case - we need to investigate further. Marking Incomplete pending clarification where this behaviour is being witnessed.

Thanks!

Changed in apache2 (Ubuntu):
status: New → Incomplete
Forest (foresto) wrote :

This was seen on Ubuntu Maverick just a week or two ago.

Changed in apache2 (Ubuntu):
status: Incomplete → New
Scott Moser (smoser) wrote :

I'm marking this triaged, It seems like:
a.) it could easily be fixed in ubuntu
b.) it is very low priority
c.) Per apache svn 2.3.1 [1], this is fixed in releases 2.3.1 and newer. Ubuntu [2] is at 2.2.19. It might make more sense to cherry pick the upstream commit if possible [3]
d.) we'd like to forward it to debian.

--
[1] http://svn.apache.org/viewvc?view=revision&revision=726065
[2] https://launchpad.net/ubuntu/+source/apache2
[3] http://svn.apache.org/viewvc/httpd/httpd/trunk/server/mpm_common.c?r1=722399&r2=726065&pathrev=726065

Changed in apache2 (Ubuntu):
importance: Undecided → Low
status: New → Triaged
Scott Moser (smoser) wrote :

Heres a debdiff that we could apply to oneiric to cherry pick the SVN commit from apache.
I've also just now pushed this to my ppa (https://launchpad.net/~smoser/+archive/ppa), so a build will appear there later.

It would be great if you can verify if that fixes the warning. I just ran out of time to do so.

Scott Moser (smoser) wrote :

@Forest,
  Could you verify if the debdiff/ppa build fix the issue for you?
  You can re-build for your release, or use a vm , or test on EC2 or Eucalyptus Community Cloud (http://open.eucalyptus.com/CommunityCloud#Signup).

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers