While trying to connect to an Apache virtual host via SSL, the browser keeps returning very strange error messages like ...unsupported SSL version... or ...site returns an unexpected error code.... What's going on? Normally when we create a new virtual host for Apache, we don't bother to copy all the settings from httpd.conf. This is because Apache takes the base setup of the server as a default configuration. Each virtual host definition, therefore, is only specifying those configuration details that have changed from the default (like ServerName and DocumentRoot.) As such, we are accustomed to writing very short virtual host definitions.

Sadly, this doesn't work quite as well when creating SSL-based virtual hosts. Some of the settings that we assume will become defaults - don't!

If you get strange error messages when connecting to your SSL-based virtual host, it's probably because you need to copy some of the details in conf.d/ssl.conf to your virtual host definition. Here are the ones that tripped me up recently:

SSLEngine on SSLProtocol all -SSLv2 SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW

Once I realized that this was an issue I just copied out all the active lines from conf.d/ssl.conf - probably a bit of overkill. Still, it solved the problem.

That being said, there's no solution more effective than reading the docs to avoid trouble in the first place. Diligent admins will refresh their memories by reviewing the docs (something I failed to do recently... hence this note!)

Documentation for the SSLEngine directive is here. Don't forget to review the Apache mod_ssl FAQ.

< Prev		Next >