elaka / mod-spdy

Automatically exported from code.google.com/p/mod-spdy

mod_spdy doesn't work with SSLRequireSSL #31

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
From the mod-spdy-discuss mailing list:

  I have a weird problem with mod_spdy and the ssl option SSLRequireSSL.
  Without the option I get a SPDY connection, but when I turn on
  SSLRequireSSL on a directory I get "403 Forbidden" and in the ssl
  error log: 

  [debug] ssl_engine_io.c(1925): OpenSSL: I/O error, 5 bytes expected to read on BIO#7f5461b71130 [mem: 7f5461b98083]
  [error] access to /var/www/html/ failed, reason: SSL connection required"

  If I turn off spdy, the ssl connection works.

Original issue reported on code.google.com by mdste...@google.com on 6 Mar 2012 at 10:08

GoogleCodeExporter commented 8 years ago
I believe I know what the problem is here, but it will take some investigation 
to figure out how to fix it.

The issue is a quirk of how mod_spdy works: although the actual network 
connection to the client uses SSL encryption, the SPDY stream requests are 
handled internally using "virtual" connections for which mod_ssl is disabled.  
Unfortunately, this means that mod_ssl thinks that these requests are not being 
served over SSL, so it denies access.

I'll take a look and see what we can do.

Original comment by mdste...@google.com on 6 Mar 2012 at 10:17

GoogleCodeExporter commented 8 years ago

Original comment by bmcqu...@google.com on 16 Apr 2012 at 10:00

GoogleCodeExporter commented 8 years ago
Is there any solution?

Original comment by ragim...@gmail.com on 29 Apr 2012 at 5:11

GoogleCodeExporter commented 8 years ago
Same prob here... Any solution yet?

Original comment by xsign....@gmail.com on 3 May 2012 at 8:17

GoogleCodeExporter commented 8 years ago
I have this problem too, any ideas?

Original comment by peb...@gmail.com on 23 Oct 2012 at 7:40

GoogleCodeExporter commented 8 years ago
I have the same issue. Any idea when an update will be available?

Original comment by da...@sztykman.com on 26 Nov 2012 at 2:08

GoogleCodeExporter commented 8 years ago
Same problem here, any news?

Original comment by JRSmile1...@gmail.com on 24 Feb 2013 at 12:22

GoogleCodeExporter commented 8 years ago
The solution is to not use SSLRequireSSL; instead, use RewriteEngine to 
redirect the user to SSL, which is better than an error page anyway.

Original comment by sunyuc...@gmail.com on 1 Nov 2013 at 3:32

GoogleCodeExporter commented 8 years ago
No, the "solution" is a bugfix...

Original comment by joern.be...@gmail.com on 1 Nov 2013 at 9:51

GoogleCodeExporter commented 8 years ago
Yes, a workaround isn't a solution.

Original comment by laurent....@gmail.com on 3 Nov 2013 at 9:04

GoogleCodeExporter commented 8 years ago
Issue 94 has been merged into this issue.

Original comment by mdste...@google.com on 29 Jul 2014 at 2:27

GoogleCodeExporter commented 8 years ago
Having this problem also. Is there a fix?

Thanks

Original comment by sha...@gmail.com on 5 Feb 2015 at 12:44

GoogleCodeExporter commented 8 years ago
The fix is not to use SSLRequireSSL.
So you have to check all your Apache .conf files and remove all the 
SSLRequireSSL.

I was using Plesk, so removing the SSLRequireSSL would be a no-go for me, since 
every time Plesk got an update/upgrade the "problem" would come back, so I 
gave up on mod_spdy.

Hope some day the new team in charge of mod_spdy will find a way to make it work.

Original comment by s...@funny-cat.com on 5 Feb 2015 at 8:47

GoogleCodeExporter commented 8 years ago
Re:
"I was using Plesk, so removing the SSLRequireSSL would be a no-go for me, since 
every time Plesk got an update/upgrade the "problem" would come back, so I 
gave up on mod_spdy."

You can copy the template files from 
/usr/local/psa/admin/conf/templates/default to 
/usr/local/psa/admin/conf/templates/custom and edit the 
domain/domainVirtualHost.php file to keep Plesk from overwriting your changes 
on every update/upgrade.

Just comment out:
<?php if ($OPT['ssl']): ?>
        # SSLRequireSSL
<?php endif; ?>

Then regenerate your http.conf files:
 /usr/local/psa/admin/bin/httpdmng --reconfigure-all

Original comment by cont...@web-vision.de on 4 May 2015 at 9:50
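
The two comments above both come down to finding every active SSLRequireSSL directive, so here is an added example (not part of the original thread, and not mod_spdy or Plesk code) that lists each uncommented occurrence together with the section it sits in. Each hit is a path where mod_ssl currently refuses non-SSL requests, so it is worth knowing the full list before removing anything. The function names and the sample configuration are constructed for illustration; `find_require_ssl` can also be fed the text of a Plesk template such as domainVirtualHost.php.

```python
import re
from pathlib import Path

OPEN = re.compile(r"<([A-Za-z]+)\s*([^>]*)>")      # <Directory "/x">, <VirtualHost *:443>
CLOSE = re.compile(r"</([A-Za-z]+)\s*>")           # </Directory>
DIRECTIVE = re.compile(r"SSLRequireSSL\s*$", re.IGNORECASE)  # directive names are case-insensitive

def find_require_ssl(text):
    """Return (line_no, enclosing_sections) for each active SSLRequireSSL."""
    stack, hits = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):        # Apache comments start the line
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):   # "<?php ...?>" template tags do not match
            stack.append(" ".join(filter(None, m.groups())).strip())
        elif DIRECTIVE.match(line):
            hits.append((no, " > ".join(stack) or "(server config)"))
    return hits

def scan_tree(root):
    """Map each *.conf file under root to its active SSLRequireSSL hits."""
    found = {}
    for path in sorted(Path(root).rglob("*.conf")):
        hits = find_require_ssl(path.read_text(errors="replace"))
        if hits:
            found[str(path)] = hits
    return found

# Constructed sample configuration, not taken from the thread.
SAMPLE = """\
<VirtualHost *:443>
    SSLEngine on
    <Directory "/var/www/html">
        SSLRequireSSL
    </Directory>
    <Location /admin>
        # SSLRequireSSL
        sslrequiressl
    </Location>
</VirtualHost>
"""

if __name__ == "__main__":
    for line_no, context in find_require_ssl(SAMPLE):
        print(f"line {line_no}: {context}")
```

To audit a real server, call `scan_tree` on the Apache configuration directory; it returns only the files that still contain an active directive.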

GoogleCodeExporter commented 8 years ago
Same issue: Apache 2.4.7, mod_spdy, mod_ssl-npn, fastcgi. The connection to the 
client died within a few seconds, e.g. WordPress lost the connection while 
writing an article, or Shopware can't open the backend (here: the connection dies 
while loading some big libraries).

Original comment by esm...@zwilla-research.com on 13 May 2015 at 1:22