[Mod_nss-list] Apache, mod_nss SSL Library Error: -8023 Unknown
Rob Crittenden
rcritten at redhat.com
Mon Jul 18 15:43:51 UTC 2016
Remy van Elst wrote:
>
> Hi there,
>
> I'm using mod_nss on Ubuntu 16.04 with Apache, the Nitrokey HSM and the
> OpenSC PKCS#11 module. I do experience frequent crashes of Apache. The
> browsers gives SSL_ERROR_HANDSHAKE_FAILURE_ALERT.
>
>
> This is in the error log, with Loglevel debug:
>
> [Sat Jul 16 08:51:21.798715 2016] [:info] [pid 15788] Connection to
> child 2 established (server rsa1024.tst.raymii.org
> <http://rsa1024.tst.raymii.org>, client 172.16.20.55)
> [Sat Jul 16 08:51:21.799585 2016] [:info] [pid 15788] SSL input
> filter read failed.
> [Sat Jul 16 08:51:21.799889 2016] [:error] [pid 15788] SSL Library
> Error: -8152 The key does not support the requested operation
> [Sat Jul 16 08:51:21.800184 2016] [:info] [pid 15788] Connection to
> child 2 closed (server rsa1024.tst.raymii.org:443
> <http://rsa1024.tst.raymii.org:443>, client 172.16.20.55)
> [Sat Jul 16 08:51:21.840763 2016] [:info] [pid 15791] SSL input
> filter read failed.
> [Sat Jul 16 08:51:21.841044 2016] [:error] [pid 15791] SSL Library
> Error: -8023 Unknown
> [Sat Jul 16 08:51:21.841245 2016] [:info] [pid 15791] Connection to
> child 3 closed (server rsa1024.tst.raymii.org:443
> <http://rsa1024.tst.raymii.org:443>, client 172.16.20.55)
> [Sat Jul 16 08:51:21.932461 2016] [:info] [pid 15791] Connection to
> child 3 established (server rsa1024.tst.raymii.org
> <http://rsa1024.tst.raymii.org>, client 172.16.20.55)
> [Sat Jul 16 08:51:21.933291 2016] [:info] [pid 15791] SSL input
> filter read failed.
> [Sat Jul 16 08:51:21.933480 2016] [:error] [pid 15791] SSL Library
> Error: -8152 The key does not support the requested operation
>
> This problem occurs when loading a Wordpres site. A simple single HTML
> page also gives this error, but it takes many more refreshes. The
> Wordpress site triggers it after a few (5, 6) pages.
>
> A restart of the Apache server is required to make the error go away.
What version of NSS and mod_nss do you have installed? I'm not sure if
this is a PKCS#11 issue or something else.
rob
More information about the Mod_nss-list
mailing list