LiteSpeed Technologies
#1
10-19-2006, 03:58 PM
dreamscape (Member)
SSL listeners cannot initiate handshake?

Hey,

I have installed the latest version of LiteSpeed on my Mac PowerBook (PPC) running OS X 10.4.8. I'm a PHP developer and am using it for local development sites. I've migrated from Apache with no big problems other than it did not properly set up the SSL hosts. No big deal though, as there are only a few at the moment.

I have several virtual hosts set up and have also set up OS X with 24 local IP addresses (127.0.0.1 - 127.0.0.24) because I often need to be able to test SSL locally. The certificates are self-signed and the keys are unencrypted.

However, when I set up an SSL listener and restart the server, it does not accept any connections. There is nothing in the log files either about it; no errors, no access. The Status page in the server admin shows the SSL listeners are up and running, but none of them are working on either the IP or the domain assigned to the listener.

I know the cert & keys are fine because they ran fine in Apache. I generated them based on this guide from Apple: http://developer.apple.com/internet/...de/modssl.html

All that Safari tells me is that it could not establish a secure connection to the server.

If I try to connect to the SSL host from curl it gives me a more informative error about a handshake failure:
Code:
PowerBook-G4:~ dreamscape$ curl https://127.0.0.2
curl: (35) error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

So far I am very impressed with both the speed and lightweight-ness of LiteSpeed, and this is the only stumbling block I've hit. Does anyone know what might be wrong?

#2
10-19-2006, 04:32 PM
dreamscape (Member)
Hmm, I thought I tried these settings before and they did not work, but I guess it must have been a dream.

For anyone else who may be using Apple's guide to generate test certs, the only way I could get them to work is with these settings:

SSL Protocol, SSL Version: SSL v3.0 + TLS v1.0
SSL Protocol, Encryption Level: HIGH + MEDIUM + LOW

You can also throw in SSL v2.0 and eNULL if you want to, but the critical thing is that both SSL v3.0 *and* TLS v1.0 are enabled. Otherwise it will not work. Which seems a bit odd because in Apple's guide, the code they give you for Apache's httpd.conf excludes SSLv3 (the "SSLProtocol all -SSLv3" part) and there are no problems. So I'm not sure what the deal is here, but oh well, at least I figured out some settings that will work. :-)

#3
10-19-2006, 05:30 PM
mistwang (LiteSpeed Staff)
Yeah, SSL v3.0 has to be checked.
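
Added example, not part of the thread and not LiteSpeed's or curl's code: a decoder for the curl error quoted in the first post. It shows that reason code 0x410 is TLS alert 40 sent by the server, meaning the listener was up and rejected the client's hello, which is why the fix was in the listener's protocol settings. It assumes the pre-3.0 OpenSSL error-code layout (8-bit library, 12-bit function, 12-bit reason); `decode_openssl_error` and the table names are hypothetical.

```python
import re

# Pre-3.0 OpenSSL packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_LIB_SSL = 0x14
ALERT_REASON_OFFSET = 1000  # SSL reason codes >= 1000 mean "alert received from peer"

# TLS alert descriptions (RFC 2246 / RFC 5246), subset relevant to handshake debugging.
TLS_ALERTS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    70: "protocol_version", 71: "insufficient_security", 80: "internal_error",
}

ERR_LINE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")


def decode_openssl_error(line):
    """Split an OpenSSL 0.9.x/1.x error string into its packed fields.

    Returns None if the line carries no 'error:XXXXXXXX:' token.
    """
    m = ERR_LINE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    result = {
        "lib": lib, "func": func, "reason": reason,
        "func_name": m.group(3), "text": m.group(4).strip(),
        "from_peer": False, "alert": None,
    }
    # Only the SSL library uses the 1000+ range for alerts sent by the other side.
    if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
        number = reason - ALERT_REASON_OFFSET
        result["from_peer"] = True
        result["alert"] = TLS_ALERTS.get(number, "alert_%d" % number)
    return result


if __name__ == "__main__":
    # The curl output quoted in the first post of this thread.
    sample = ("curl: (35) error:14077410:SSL routines:"
              "SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure")
    print(decode_openssl_error(sample))
```

A result with `from_peer` set to False points at a problem detected locally by the client rather than a refusal from the server.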

All times are GMT -7.