I was reviewing the logs for my company's servers today and I discovered that there appears to be an error 336027900 logged every 5 minutes. This is what the log shows:

[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection to child 3 established (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:19 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:19 2009] [info] [client 127.0.0.1] Connection closed to child 3 with abortive shutdown (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection to child 12 established (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] Seeding PRNG with 656 bytes of entropy
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] SSL library error 1 in handshake (server localhost:443)
[Wed Mar 25 15:10:20 2009] [info] SSL Library Error: 336027900 error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?
[Wed Mar 25 15:10:20 2009] [info] [client 127.0.0.1] Connection closed to child 12 with abortive shutdown (server localhost:443)

Our hosts are all behind a single proxy that is properly set up to handle SSL requests. I verified all of our vhost files have the ports set up appropriately. I have searched Google for this error message and found nothing of use. Any help would be greatly appreciated.

Thanks,

James Armes

+2  A: 

Do you have a monitoring application that connects to the server at 5 minute intervals?

That error looks familiar; I believe it occurs when a client connects but attempts to speak HTTP rather than HTTPS.

Jeff
You were absolutely right. I forgot we have a systems monitor that connects to the server every five minutes. Thanks a lot!
JamesArmes
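
One way to confirm this diagnosis from the error log itself, as an added example (not code from the original thread): it pulls out the `error:140760FC` entries, attributes each to the client on the preceding handshake line, and measures the interval between probes. The sample log is constructed; its 15:10 entries mirror the question and the later ones are made up.

```python
import re
from datetime import datetime
from statistics import median

TS_FMT = "%a %b %d %H:%M:%S %Y"      # timestamp format used in the question's log
ERR = "error:140760FC"                # OpenSSL code from the log in the question
LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[\w+\] (?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$")

def _pair(ts, client="127.0.0.1"):
    """Two log lines for one failed handshake, in the format shown in the question."""
    return (f"[{ts}] [info] [client {client}] SSL library error 1 in handshake (server localhost:443)\n"
            f"[{ts}] [info] SSL Library Error: 336027900 {ERR}:SSL routines:"
            "SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to HTTPS port!?\n")

# Constructed sample: 15:10 entries mirror the question, later ones are made up.
SAMPLE_LOG = "".join(_pair(f"Wed Mar 25 15:{hm} 2009")
                     for hm in ("10:19", "10:20", "15:19", "15:20", "20:19"))

def plaintext_hits(log_text):
    """Map client -> timestamps of 'not SSL to HTTPS port' handshake failures."""
    hits, last_client = {}, None
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        if m["client"] and "SSL library error" in m["msg"]:
            last_client = m["client"]  # the error-detail line carries no client
        elif ERR in m["msg"] and last_client:
            # Heuristic: assumes the detail line directly follows its client line.
            hits.setdefault(last_client, []).append(datetime.strptime(m["ts"], TS_FMT))
            last_client = None
    return hits

def probe_interval(times, burst_gap=30):
    """Median seconds between probes; hits within burst_gap seconds count as one probe."""
    starts, prev = [], None
    for t in sorted(times):
        if prev is None or (t - prev).total_seconds() > burst_gap:
            starts.append(t)
        prev = t
    gaps = [(b - a).total_seconds() for a, b in zip(starts, starts[1:])]
    return median(gaps) if gaps else None

if __name__ == "__main__":
    for client, times in plaintext_hits(SAMPLE_LOG).items():
        print(client, len(times), "hits, probe interval (s):", probe_interval(times))
```

A steady interval from a single client address points at a scheduled health check rather than stray traffic; the fix is then on the monitor's side (probe with HTTPS, or point it at a plain-HTTP port).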
A: 

I think Jeff is right...

Some software is connecting to your servers without using SSL; maybe the proxy is sending some packages or some control messages, or you have some monitoring software that connects every 5 minutes but doesn't take the SSL thing into account.

Andor
+1  A: 

By the way, if you are doing a reverse proxy, you should look into letting the reverse proxy do the SSL instead of Apache. Clients hit the reverse proxy using SSL on 443, and the reverse proxy decrypts the whole thing and forwards it off to your Apache server, which doesn't know a thing about SSL.

Both squid and nginx support it. That way you don't have to mess around with getting SSL working on Apache.

Cory R. King
We're actually using Apache as our proxy, with mod_proxy.
JamesArmes
A: 

I've seen this error when attempting to connect with a browser that only has SSLv2 enabled.

A: 

The every five minutes thing sounds like Pingability.com (or the like) is hitting you.

Guy Stevens