Apache + SSL 错误 336027900
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/683149/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Apache + SSL Error 336027900
提问by JamesArmes
I was reviewing the logs for my companies servers today and I discovered that there appears to be an error 336027900 logged every 5 minutes. This is what the log shows:
我今天正在查看我公司服务器的日志,我发现似乎每 5 分钟记录一次错误 336027900。这是日志显示的内容:
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection to child 3 established (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection closed to child 3 with abortive shutdown (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection to child 12 established (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection closed to child 12 with abortive shutdown (server localhost:443)
Our hosts are all behind a single proxy that is properly setup to handle SSL requests. I verified all of our vhost files have the ports setup appropriately. I have searched Google for this error message and found nothing of use. Any help would be greatly appreciated.
我们的主机都在一个单独的代理后面,该代理经过正确设置以处理 SSL 请求。我验证了我们所有的 vhost 文件都正确设置了端口。我在谷歌上搜索了这条错误信息,但没有发现任何有用的信息。任何帮助将不胜感激。
Thanks,
谢谢,
James Armes
詹姆斯·阿姆斯
采纳答案by Jeff
Do you have a monitoring application that connects to the server at 5 minute intervals?
您是否有每隔 5 分钟连接到服务器的监控应用程序?
That error looks familiar; I believe it occurs when a client connects but attempts to speak HTTP rather than HTTPS.
这个错误看起来很熟悉;我相信当客户端连接但尝试使用 HTTP 而不是 HTTPS 时会发生这种情况。
回答by Cory R. King
By the way, if you are doing a reverse proxy, you should look into letting the reverse proxy do the SSL instead of Apache. Clients hit the reverse proxy using SSL on 443, and the reverse proxy decrypts the whole thing and forwards it off to your apache server, who doesn't know a thing about SSL.
顺便说一下,如果你在做一个反向代理,你应该考虑让反向代理做 SSL 而不是 Apache。客户端在 443 上使用 SSL 访问反向代理,反向代理解密整个内容并将其转发到您的 apache 服务器,后者对 SSL 一无所知。
Both squid and nginx support it. That way you dont have to mess around with getting SSL working on apache.
squid 和 nginx 都支持它。这样你就不必为让 SSL 在 apache 上工作而烦恼。
回答by Chetpot
this looks like an "Internal Dummy Connection"
here is some more info on it:
http://wiki.apache.org/httpd/InternalDummyConnection
这看起来像一个“内部虚拟连接”,
这里有一些关于它的更多信息:http:
//wiki.apache.org/httpd/InternalDummyConnection
回答by Chetpot
I've seen this error when attempting to connect with a browser that only has SSLv2 enabled.
我在尝试连接仅启用 SSLv2 的浏览器时看到了此错误。
回答by Guy Stevens
The every five minutes thing sounds like Pingability.com (or the like) is hitting you.
每五分钟的事情听起来就像 Pingability.com(或类似网站)正在打击你。
回答by Andor
I think Jeff is right...
我认为杰夫是对的...
Some software is connecting to your servers without using ssl, maybe the proxy is sending some packages or some control messages, or you have any monitoring software, that connects each 5 minutes but doesnt take in account the SSL thing.
有些软件在不使用 ssl 的情况下连接到您的服务器,也许代理正在发送一些包或一些控制消息,或者您有任何监控软件,它每 5 分钟连接一次,但没有考虑 SSL 的事情。
