https on port 443 won't work with SuSE 9.2

Axel Schwarzer shw at schwarzer.d.uunet.de
Sun Aug 21 11:04:55 PDT 2005 

After a switch from SuSE 8.1 to 9.2 I'm neither able to make https-connections to CUPS nor to Apache. The logs show:

[21/Aug/2005:19:35:42 +0200] 192.168.4.65 - - "\x80\x8c\x01\x03\x01" 966 "-" "-" (Apache)
Aug 21 19:11:30 basis cupsd[2123]: Bad request line "\200\214^A^C^A" from localhost! (CUPS)

and a commandline check with openssl yields:

root at basis: ~;(RC=1) # openssl s_client -connect 192.168.4.65:443 -state -debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 080AC298 [080AC708] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 43 71   ..............Cq
0070 - 3d 97 8b 6c 66 46 59 a7-7a a3 8f fa fd 38 8b 8e   =..lfFY.z....8..
0080 - de 28 b3 8e 59 fc 1e 04-5b 9e cd bd 22 81         .(..Y...[...".
SSL_connect:SSLv2/v3 write client hello A
read from 080AC298 [080B1C68] (7 bytes => 7 (0x7))
0000 - 3c 3f 78 6d 6c 20 76                              <?xml v
SSL_connect:error in SSLv2/v3 read server hello A
12894:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:475:

Because two applications are concerned, my conclusion is that something needs to be done with openssl (openssl-0.9.7d-25). Unfortunately googling around only showed that many other suffer from the same effect, but I wasn't able to figure out a solution for myself.

Can anyone help out? Is it possible that some cryptographic algorithms are missing in SuSE 9.2? As far as I know algorithms for media encoding have been left out and some programs are not on the public available media (only via download). Any hint is very well appreciated.

   -shw-

More information about the cups mailing list