LiteSpeed Technologies
  #1  
Old 02-10-2011, 06:35 AM
thehelpdesk thehelpdesk is offline
Member
 
Join Date: Feb 2011
Posts: 14
[solved] SSL 500 Internal Server error with Mac/iPad/Safari

We've got LiteSpeed Web Server 4.0.19 installed on a CentOS 5.5 x86_64 base. A chained CA SSL certificate is installed on one of the virtual hosts as an SSL listener on the standard port 443.

All Windows-based browsers and clients can access the site without any problems over SSL. However, when a Mac with Safari or Chrome, or an iPad, tries to access the site, they get a 500 Internal Server error. When this certificate is installed on an Apache server there's no problem or error with any clients on Windows or Mac.

It seemed to be an SSL negotiation error, so we referenced Apple's mod_ssl developer list and changed the LiteSpeed Web Server cipher manually to "ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" as a test, but that still does not work for these Mac-based clients. We then backed out SSLv2 and enabled SSLv3 and TLSv1 as another test, "ALL:!ADH:!EXPORT56:RC4+RSA:+SSLv3:-SSLv2:+TLSv1:+HIGH:+MEDIUM:+LOW:+EXP:+eNULL", but this also fails for these Mac-based clients.

When the entire site structure is removed and we only have a "hello world" file there the clients get a timeout error. We have increased all the LSWS timeouts, dynamic and static etc, to 60 seconds and longer to no avail.

Has anyone else experienced problems with SSL and LSWS web server like this and been able to overcome them?

Last edited by NiteWave; 02-11-2011 at 06:33 PM..
  #2  
Old 02-10-2011, 11:38 AM
mistwang mistwang is offline
LiteSpeed Staff
 
Join Date: May 2003
Location: New Jersey
Posts: 7,583
Enable debug logging, then check the error log.
  #3  
Old 02-10-2011, 04:24 PM
thehelpdesk thehelpdesk is offline
Member
 
Join Date: Feb 2011
Posts: 14
We've enabled Debug logging at the Server and Virtual Host levels, restarted LSWS, and reviewed the error log. The error log does not log anything in relation to the hits/500 time out errors we're seeing on the Mac-based computers. We also don't see anything logged in relation to them in the access log, which seems to indicate it's dying out at the encryption or protocol level.
  #4  
Old 02-11-2011, 09:04 AM
mistwang mistwang is offline
LiteSpeed Staff
 
Join Date: May 2003
Location: New Jersey
Posts: 7,583
Can you try tcpdump on the server side or the Mac side?

tcpdump -s0 -X host <ip_of_peer>
  #5  
Old 02-11-2011, 06:32 PM
NiteWave NiteWave is offline
LiteSpeed Staff
 
Join Date: Sep 2009
Posts: 2,216
Confirmed to be a firewall issue and fixed. From the customer:
"there was an errant firewall rule ... That has been corrected and now the SSL encryption is going through... not LiteSpeed's SSL implementation"
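Added example, not part of the original thread or LiteSpeed's code: a sketch of how a capture like the one suggested in post #4 can separate a packet-filter problem from a cipher negotiation problem, by recording which TCP and TLS milestones appear on the wire. The packet tuples, stage names and sample flows are constructed for illustration.

```python
HANDSHAKE, ALERT, APPDATA = 0x16, 0x15, 0x17   # TLS record content types
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02        # handshake message types

def tls_records(payload):
    """Yield (content_type, first_body_byte) per TLS record in one TCP payload.
    Assumes records start at the segment boundary; SSLv2-format hellos are not parsed."""
    i = 0
    while i + 5 <= len(payload):
        length = int.from_bytes(payload[i + 3:i + 5], "big")
        body = payload[i + 5:i + 5 + length]
        yield payload[i], (body[0] if body else None)
        i += 5 + length

def classify(packets):
    """packets: (direction, tcp_flags, payload) tuples in capture order."""
    seen = set()
    for direction, flags, payload in packets:
        if flags in ("S", "SA"):
            seen.add(flags)
        for ctype, first in tls_records(payload):
            if ctype == HANDSHAKE and direction == "c2s" and first == CLIENT_HELLO:
                seen.add("CH")
            elif ctype == HANDSHAKE and direction == "s2c" and first == SERVER_HELLO:
                seen.add("SH")
            elif ctype == APPDATA:
                seen.add("DATA")
            elif ctype == ALERT and "DATA" not in seen:
                seen.add("ALERT")
    if "SA" not in seen:
        return "tcp-blocked"          # SYN unanswered or never arrived: look at packet filters
    if "CH" not in seen:
        return "clienthello-missing"  # TCP opens but no TLS bytes cross: filter or middlebox
    if "ALERT" in seen:
        return "tls-alert"            # endpoints talked and refused: cipher/protocol mismatch
    if "SH" not in seen:
        return "serverhello-missing"  # reply lost on the return path, or the server stalled
    return "tls-ok" if "DATA" in seen else "handshake-incomplete"

def rec(ctype, body):
    """Build a constructed TLS 1.0 record for the sample flows below."""
    return bytes([ctype, 3, 1]) + len(body).to_bytes(2, "big") + body

# Constructed flows (not taken from the thread's capture).
HELLO = rec(HANDSHAKE, bytes([CLIENT_HELLO]) + b"\0" * 40)
FILTERED = [("c2s", "S", b""), ("s2c", "SA", b""), ("c2s", "A", b"")]
REFUSED = FILTERED + [("c2s", "PA", HELLO), ("s2c", "PA", rec(ALERT, b"\x02\x28"))]
HEALTHY = FILTERED + [("c2s", "PA", HELLO),
                      ("s2c", "PA", rec(HANDSHAKE, bytes([SERVER_HELLO]) + b"\0" * 40)),
                      ("c2s", "PA", rec(APPDATA, b"\x8f" * 16))]

if __name__ == "__main__":
    for name, flow in [("filtered", FILTERED), ("refused", REFUSED), ("healthy", HEALTHY)]:
        print(name, "->", classify(flow))
```

A cipher-list change such as the ones tried in post #1 can only help in the `tls-alert` case; an empty server log together with a flow that stops before the ClientHello or ServerHello points at the network path instead.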
© Copyright 2003-2011 LiteSpeed Technologies, Inc. All rights reserved. Privacy Policy.