The Apache Haus Forum

Forum Topics => News & General Discussion => Topic started by: medico6601 on September 22, 2017, 03:52:37 PM

Title: May i ask some question
Post by: medico6601 on September 22, 2017, 03:52:37 PM
We have 2.2.15+openssl0.9.8(m|n). We've found that this combination can cause embedded PHP aplications to throw this errer:

    error:14092073:SSL routines:SSL3_GET_SERVER_HELLO:bad packet length

The same PHP app works fine from the command line. I was eventually able to show, with phpinfo(), that when embedded in apache, the PHP module picks up the openssl libraires from apache, and they have problems handling the case. The command-line openssl in your apache release has the same problem as described in the article เล่นคาสิโนบนมือถือ (http://www.ufa365.com/สมัครufabet/)

Switching to apachelounge binaries has allowed or app to continue working, but it seemed worth pointing out. (In our case, the problem did not become apparent until our linux servers picked up patches from Red Hat  which now support RFC 5746)
Title: Re: May i ask some question
Post by: Gregg on September 22, 2017, 07:26:07 PM
RFC 5746 covers renegotiation. Maybe your old app requires client-side negotiation which as far as I can remember OpenSSL doesn't allow by default, because it's vulnerable to some kind of attack. Now it might require a switch during build time but I'm not going to use it because client side renegotiation is dangerous.

Other than that, I have no clue what it could be.