Bug 61327

Summary: Sporadic unknown SSL protocol error / server aborted the SSL handshake
Product: Apache httpd-2 Reporter: Ben RUBSON <ben.rubson>
Component: AllAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: NEW ---    
Severity: major CC: dbetterton
Priority: P2    
Version: 2.4-HEAD   
Target Milestone: ---   
Hardware: PC   
OS: All   

Description Ben RUBSON 2017-07-22 11:09:50 UTC

I have some automated requests to my Apache HTTPS server, using Curl.
Everything works fine since months, until yesterday.

Sporadically, some of the requests did not finish correctly.
Relaunching the Curl command right after successfully terminated.
Same issue from several different locations (so not a network issue).
Even without no load at all to the server, launching the requests manually...

Curl returned the following :

* About to connect() to mynice.server.com port 443 (#0)
*   Trying x.y.z.t...
* connected
* Connected to mynice.server.com (x.y.z.t) port 443 (#0)
* successfully set certificate verify locations:
*   CAfile: ca.pem
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to mynice.server.com:443 
* Closing connection #0
curl: (35) Unknown SSL protocol error in connection to mynice.server.com:443 

*   Trying x.y.z.t...
* Connected to mynice.server.com (x.y.z.t) port 443 (#0)
* Server aborted the SSL handshake
* Closing connection 0
curl: (35) Server aborted the SSL handshake

I tried to reload Apache, same issue.
I restarted it and was not able to reproduce the issue.
Unfortunatelly I did not think about setting Apache into verbose/debug mode
and reloading it to have further info... I will if issue will come again.

Anyway, perhaps you already eared about such a thing ?

# httpd -V
Server version: Apache/2.4.25 (FreeBSD)
Server built:   unknown
Server's Module Magic Number: 20120211:67
Server loaded:  APR 1.5.2, APR-UTIL 1.5.4
Compiled using: APR 1.5.2, APR-UTIL 1.5.4
Architecture:   64-bit
Server MPM:     prefork
  threaded:     no
    forked:     yes (variable process count)

# uname -sr
FreeBSD 11.0-RELEASE-p8

Thank you very much,

Best regards,