Apache Error + SSL 336027900

I looked through the logs for the servers of my companies today, and I found that error 336027900 seemed to be logged every 5 minutes. This shows the log:

[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection to child 3 established (server localhost:443) [Wed Mar 25 15:10:19 2009] [info] Seeding PRNG with 656 bytes of entropy [Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443) [Wed Mar 25 15:10:19 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!? [Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection closed to child 3 with abortive shutdown (server localhost:443) [Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection to child 12 established (server localhost:443) [Wed Mar 25 15:10:20 2009] [info] Seeding PRNG with 656 bytes of entropy [Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443) [Wed Mar 25 15:10:20 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!? [Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection closed to child 12 with abortive shutdown (server localhost:443) 

Our hosts are all behind a single proxy that is correctly configured to handle SSL requests. I have confirmed that all of our vhost files have the appropriate port settings. I searched Google for this error message and did not find anything useful. Any help would be greatly appreciated.

Thanks,

James armes

+4
source share
6 answers

Do you have a monitoring application that connects to the server with an interval of 5 minutes?

This mistake looks familiar; I believe this happens when the client connects, but tries to speak HTTP, not HTTPS.

+3
source

By the way, if you are doing a reverse proxy, you should take a look at allowing the reverse proxy to use SSL instead of Apache. Clients access the reverse proxy using SSL on 443, and the reverse proxy decrypts all this and redirects it to your Apache server, which knows nothing about SSL.

Both squid and nginx support it. This way you don't have to bother with SSL working on apache.

+1
source

it looks like an โ€œinternal dummy linkโ€
here is some more info about it:
http://wiki.apache.org/httpd/InternalDummyConnection

+1
source

I think Jeff is right ...

Some software connects to your servers without using ssl, perhaps the proxy sends some packets or some control messages, or you have some monitoring software that connects every 5 minutes but does not take SSL into account.

0
source

I saw this error when trying to establish a connection with a browser in which only SSLv2 protocol is enabled.

0
source

Every five minutes, a thing sounds like Pingability.com (or the like) amazes you.

0
source

All Articles