IPv6 working fine, IPv4 throws OpenSSL error
Posted
by
jippie
on Server Fault
See other posts from Server Fault
or by jippie
Published on 2012-11-03T15:30:42Z
Indexed on
2012/11/03
17:05 UTC
Read the original article
Hit count: 294
I am building a webserver ( http://blog.linformatronics.nl/ ), which functions just fine on both IPv4 and IPv6 and when using a non-SSL connection. However when I connect to it through https, IPv6 works as expected, but an IPv4 connection throws a client side error. Server side logs are empty for the IPv4/https connection. Summarized in a table:
| http | https
-----+-------+-------------------------------------------------------
IPv4 | works | OpenSSL error, failed. No server side logging.
-----+-------+-------------------------------------------------------
IPv6 | works | self signed certificate warning, but works as expected
Apparently the SSL tunnel isn't even set up, which accounts for the Apache logs being empty. But why does it work fine for IPv6 and fail for IPv4? My question is why is this OpenSSL error being thrown and how can I solve it?
Below is some extra information about the setup.
IPv6 https
Command used to reproduce IPv6/https behaviour:
$ wget --no-check-certificate -O /dev/null -6 https://blog.linformatronics.nl
--2012-11-03 15:46:48-- https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 2001:980:1b7f:1:a00:27ff:fea6:a2e7
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|2001:980:1b7f:1:a00:27ff:fea6:a2e7|:443... connected.
WARNING: cannot verify blog.linformatronics.nl's certificate, issued by `/CN=localhost':
Self-signed certificate encountered.
WARNING: certificate common name `localhost' doesn't match requested host name `blog.linformatronics.nl'.
HTTP request sent, awaiting response... 200 OK
Length: 4556 (4.4K) [text/html]
Saving to: `/dev/null'
100%[=======================================================================>] 4,556 --.-K/s in 0s
2012-11-03 15:46:49 (62.5 MB/s) - `/dev/null' saved [4556/4556]
IPv4 https
Command used to reproduce IPv6/https behaviour:
$ wget --no-check-certificate -O /dev/null -4 https://blog.linformatronics.nl
--2012-11-03 15:47:28-- https://blog.linformatronics.nl/
Resolving blog.linformatronics.nl (blog.linformatronics.nl)... 82.95.251.247
Connecting to blog.linformatronics.nl (blog.linformatronics.nl)|82.95.251.247|:443... connected.
OpenSSL: error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
Unable to establish SSL connection.
Notes
- I am on Ubuntu Server 12.04.1 LTS
© Server Fault or respective owner