NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Apache gets SIGSEGV in ssl3_finish_mac()

On Sat, Nov 21, 2009 at 11:50 AM, Emmanuel Dreyfus <> 
> Hello
> I have a NetBSD box running apache that regulary dumps a core, always
> with a SIGSEGV in SSL code:
> #0 0xbbb37b54 in ssl3_finish_mac () from /usr/lib/
> #1 0xbbb343b2 in ssl3_do_write () from /usr/lib/
> #2 0xbbb2435e in ssl3_send_server_hello () from /usr/lib/
> #3 0xbbb2674f in ssl3_accept () from /usr/lib/
> #4 0xbbb3b7bd in SSL_accept () from /usr/lib/
> #5 0xbbb19bcb in ssl23_get_client_hello () from /usr/lib/
> #6 0xbbb1a356 in ssl23_accept () from /usr/lib/
> #7 0xbbb3b7bd in SSL_accept () from /usr/lib/
> The machine runs NetBSD 5.0_STABLE as of 200908010000Z, with
> apache-2.2.14 built from pkgsrc (as of today).
> httpd is linked with /usr/lib/, from built-in OpenSSL.
> openssl version says "OpenSSL 0.9.9-dev 09 May 2008"
> I have this in httpd.conf. It was copied from some place I don't really
> remeber. I have no idea whether it's good or if it would be better to
> remove the line (hint welcome):
> SSLCipherSuite
> It seems that Firefox 3.6 beta have a much higher chance of triggering
> the problem. Any idea of what can be wrong?

Your SSLCipherSuite is a little different from the default of:

It looks like you're attempting to explicitly exclude EXPORT56 which
gives me an error when I try to see what's included in that list:
fester$ openssl ciphers -v 'EXPORT56'
Error in cipher list
3148069380:error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no

I don't know why (!) excluding a list would cause an issue not caught
at server start, but I would try getting rid of EXPORT56 (or just
using the default SSLCipherSuite) and seeing if that helps.  If that
works I think it counts as a mod_ssl bug to not validate the
configured SSLCipherSuites.

Home | Main Index | Thread Index | Old Index