Topic: Even after disabling SSLv3,SSLroutines:ssl3_get_record come

[sarthakmohanty]

I'm running with Apache/2.4.33 (Win64) & OpenSSL/1.1.0h
Even after I disabled SSLv3 under httpd.conf file under Apache HTTPD instance, still I could see below entries under the logs.

[Thu Sep 06 08:03:29.846614 2018] [ssl:info] [pid 41160:tid 1048] [client 10.70.6.88:57840] AH01964: Connection to child 62 established (server fst2msdweb03:17443)
[Thu Sep 06 08:03:29.846614 2018] [ssl:info] [pid 41160:tid 1048] [client 10.70.6.88:57840] AH02008: SSL library error 1 in handshake (server fst2msdweb03:17443)
[Thu Sep 06 08:03:29.846614 2018] [ssl:info] [pid 41160:tid 1048] SSL Library Error: error:1408F10B:SSL routines:ssl3_get_record:wrong version number
[Thu Sep 06 08:03:29.846614 2018] [ssl:info] [pid 41160:tid 1048] [client 10.70.6.88:57840] AH01998: Connection closed to child 62 with abortive shutdown (server fst2msdweb03:17443)

I have added below entries under httpd.conf file after enabling SSL Engine within the same.

SSLProtocol all -SSLv2 -SSLv3

Can anyone help me understand, what's causing this issue & offer any assistance to get this resolved.

It appears to me that, even though SSLv3 is disabled, somehow the system is explicitly trying to use SSLv3 and thus connectivity is failing.

Verified with OpenSSL binaries with s_client option via ssl3 and it's failing with the same exception as I have disabled it & expected.

[James Blond]

That is an SSL3 Handshake error. Are you sure that your port 443 is open and forwared to apache ( if you use a router)? Sometimes ISPs block that port.

You may test your server at https://www.ssllabs.com/ssltest/

if you still have a question please ask again.