Ssl – Apache OpenSSL Loop

apache-2.2opensslssl

I just configured the sites on my Windows Azure Hosted Ubuntu 12.04 Apache server to use SSL, the sites are working and redirecting correctly.
Here is my virtual host configuration: 

<VirtualHost *:80>
ServerName site1.company.com
Redirect permanent / https://site1.company.com/
</VirtualHost>

<VirtualHost *:443>
DocumentRoot /var/www/site1
ServerName site1.company.com
Options -Indexes
DirectoryIndex login.php
SSLEngine on
SSLCertificateFile /etc/apache2/certs/company.com.crt
SSLCertificateKeyFile /etc/apache2/certs/server1.key
SSLCertificateChainFile /etc/apache2/certs/gd_bundle.crt
</VirtualHost>

All virtual hosts are configured almost identically. However I'm seeing a LOT of entries in Apache's error log that has me worried about performance/issues during production.

[debug] ssl_engine_kernel.c(1866): OpenSSL: Handshake: start
[debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: before/accept initialization
[debug] ssl_engine_io.c(1908): OpenSSL: I/O error, 11 bytes expected to read on BIO#7f8f746c6ae0     [mem: 7f8f746cc0d0]
[debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: error in unknown state
[info] [client x.x.x.x] (70014)End of file found: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!]
[info] [client x.x.x.x.] Connection closed to child 5 with abortive shutdown (server site1.company.com:443)
[info] [client x.x.x.x] Connection to child 0 established (server site1.company.com:443)
[info] Seeding PRNG with 656 bytes of entropy

This loop repeats itself every 15 seconds. Have I misconfigured something? All sites work correctly without errors.

Best Answer

The mystery here has been solved, it was Azure's load balancer probe. I don't know why the IP address was reporting as registered in Hong Kong, but it makes a lot of sense now. I had to delete and recreate the endpoints in order to update the endpoints status and correct the issue.

It is all documented at http://social.msdn.microsoft.com/Forums/silverlight/en-US/04589d2d-4acb-4f86-a2d0-957dc2a73a4f/endpoints-not-working-dns-scans-them

This would of been a lot easier to figure out if 168.63.129.16 wasn't registered in Hong Kong (that was the ip that was hitting my server)

Related Topic