We’re using Apache 2.2.22 on Windows 2008 R2 Enterprise.
Our application uses SSL (OpenSSL) and is getting a well documented error which I cannot yet find the fix for. The error is that SOMETIMES in firefox only, this happens:
Refreshing (or hitting “try again”) fixes the error, but that is just a workaround.
Additonally, trying to connect using the Python 3 urllib.request library gives the error
urllib.error.URLError: <urlopen error [Errno 1] _ssl.c:392: error:1408E0F4:SSL routines:SSL3_GET_MESSAGE:unexpected message>
My best guess is that these are the same issue but I can’t pin it down.
One website recommends a fix for nginx but I do not know how to translate this into a fix for apache. I’m not a server administration expert but I figured I could probably find one here.
A lot of people are having this error so I’m sure whoever solves this will be an internet hero!
EDIT:
I’ve been having problems replicating the error, but I finally found someone running FF 13 that hit it. I didn’t get any good debug info, but I hit “try again” about 10 times and suddenly I got a 200 OK and the site showed up.
Meanwhile I’m running FF 13 and FF 14 on my machine (tried both) and neither of them hit the issue.
Looks like someone else has found the answer, and my google-fu failed me.
From the site:
“I finally figured out that Firefox was screwing up when using the TLS 1.0 protocol. So all I had to do was edit my Apache 2.2 httpd.conf to have this line:
I don’t like this solution though. The Mozilla Firefox team should release a build of Firefox that is statically linked to a newer version of the OpenSSL library which doesn’t suffer from this bug. I much prefer TLS because of the added security it provides, so I ended up with a line that opted for security over broken SSL library compatibility:
Also note that I disable SSL v2 as well bacause it’s widely known to be inherently flawed.”
EDIT: I’ve added the following to my httpd-ssl.conf file and am checking to see if it worked: