SSLCACertificatePath

hudsonmelo

5:24 pm on Jan 17, 2012 (gmt 0)

10+ Year Member

Hello,

I have an environment that's configured with Apache 2.2 with "authentication client required", and I use the SSLCACertificatePath variable. What happens is, when I put more than 54 certificates in the directory, the handshake doesn't work.
Does anyone know what is happening?
Thank you.
Hudson

phranque

1:13 pm on Jan 18, 2012 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

welcome to WebmasterWorld, hudson!

what does "the handshake doesn't work" mean?
what message and/or log entry are you seeing?

it could possibly be solved with the SSLRenegBufferSize Directive:
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslrenegbuffersize
(assuming apache 2.2.12 and up)

hudsonmelo

2:24 pm on Jan 18, 2012 (gmt 0)

10+ Year Member

Hi,
I don't have any message in the logs (error_log/access_log or mod_jk_log). When I put more than 54 certificates in the directory and run a test, the handshake doesn't complete. Ex:

/usr/sfw/bin/openssl s_client -showcerts -connect 172.23.201.34:8443 -cert ssl/crt/teste.crt -key ssl/key/teste.key -CAfile ssl/ca/ACs_hnfe.crt -state -debug -msg -ssl3

handshake doesn't complete:

0a80 - 2d 53 65 63 72 65 74 61-72 69 61 20 64 61 20 52 -Secretaria da R
0a90 - 65 63 65 69 74 61 20 46-65 64 65 72 61 6c 20 64 eceita Federal d
0aa0 - 6f 20 42 72 61 73 69 6c-20 2d 20 52 46 42 31 26 o Brasil - RFB1&
0ab0 - 30 24 06 03 55 04 03 13-1d 41 43 20 49 6d 70 72 0$..U....AC Impr
0ac0 - 65 6e 73 61 20 4f 66 69-63 69 61 6c 20 53 50 20 ensa Oficial SP
0ad0 - 52 R

normally:

0070 - eb a8 31 cf 57 1d 55 75-01 38 3e e7 8e 06 12 44 ..1.W.Uu.8>....D
0080 - bb 07 40 72 68 f5 61 0a-87 2d e1 ..@rh.a..-.
SSL_connect:SSLv3 write certificate verify A
>>> SSL 3.0 ChangeCipherSpec [length 0001]

I have Apache 2.2.12 on Solaris 10 and the SSLRenegBufferSize directive doesn't work. See the answer:

[jboss@zaplicath01 certificados]$ /usr/local/apache2/bin/apachectl configtest
Syntax error on line 79 of /usr/local/apache2/conf/mod-jk.conf:
SSLRenegBufferSize not allowed here

Thank you again.
Hudson
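The dump above stops inside the server's CertificateRequest, the handshake message that carries the subject DN of every CA under SSLCACertificatePath. As an added illustration (not code from the thread or from Apache), the following Python script sizes that message for a set of CA certificates: it walks the X.509 DER just far enough to pull each subject Name, then applies the SSL 3.0 / TLS 1.0 CertificateRequest layout (RFC 2246 section 7.4.4). It uses only the standard library, and the certificates it feeds itself are constructed, unsigned skeletons labelled as such; `dns_from_dir` is there to point at a real directory.

```python
"""Estimate the CertificateRequest mod_ssl sends when SSLCACertificatePath holds
many CA certificates.  Added example, not from the thread: minimal DER walking,
no third-party dependencies."""
import base64
import os
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
MAX_RECORD = 16384          # TLS record plaintext limit (2^14)
HANDSHAKE_HDR = 4           # msg_type (1 byte) + length (3 bytes)


def der_tlv(buf, pos):
    """Return (tag, header_len, value_len) of the DER element at buf[pos]."""
    tag, length, hdr = buf[pos], buf[pos + 1], 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr = 2 + n
    return tag, hdr, length


def subject_dn_der(cert_der):
    """Walk Certificate -> tbsCertificate -> subject and return the raw DER Name."""
    _, hdr, _ = der_tlv(cert_der, 0)               # Certificate SEQUENCE
    pos = hdr
    _, hdr, _ = der_tlv(cert_der, pos)             # tbsCertificate SEQUENCE
    pos += hdr
    tag, hdr, ln = der_tlv(cert_der, pos)
    if tag == 0xA0:                                # optional [0] EXPLICIT version
        pos += hdr + ln
    for _ in range(4):                             # serialNumber, signature, issuer, validity
        _, hdr, ln = der_tlv(cert_der, pos)
        pos += hdr + ln
    tag, hdr, ln = der_tlv(cert_der, pos)          # subject Name
    if tag != 0x30:
        raise ValueError("subject is not a SEQUENCE; unexpected certificate layout")
    return cert_der[pos:pos + hdr + ln]


def dns_from_pem(pem_bytes):
    """Subject DNs (DER) of every certificate in a PEM blob."""
    return [subject_dn_der(base64.b64decode(m)) for m in PEM_RE.findall(pem_bytes)]


def dns_from_dir(path):
    """Subject DNs of all PEM files in an SSLCACertificatePath directory."""
    dns = []
    for name in sorted(os.listdir(path)):
        with open(os.path.join(path, name), "rb") as fh:
            dns.extend(dns_from_pem(fh.read()))
    return dns


def certificate_request_size(dns):
    """SSL 3.0/TLS 1.0 CertificateRequest: certificate_types (1-byte length + types)
    then certificate_authorities (2-byte length, then per CA a 2-byte length + DER Name)."""
    ca_list = sum(2 + len(dn) for dn in dns)
    body = (1 + 2) + (2 + ca_list)                 # types advertised: rsa_sign, dss_sign
    msg = HANDSHAKE_HDR + body
    return {
        "ca_count": len(dns),
        "dn_list_bytes": ca_list,
        "message_bytes": msg,
        "records_needed": -(-msg // MAX_RECORD),   # ceiling division
        "fits_length_field": ca_list <= 0xFFFF,    # 2-byte vector length limit
    }


# --- constructed fixtures: unsigned certificate skeletons, not real CA certs ---
def der(tag, body):
    """Minimal DER encoder with short- and long-form lengths."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body


def name_der(cn):
    """Name ::= SEQUENCE { SET { SEQUENCE { id-at-commonName, PrintableString } } }"""
    atv = der(0x30, der(0x06, bytes.fromhex("550403")) + der(0x13, cn.encode("ascii")))
    return der(0x30, der(0x31, atv))


def fake_cert_pem(cn):
    """Constructed, unsigned X.509 skeleton with the field order the walker expects."""
    tbs = der(0x30,
              der(0xA0, der(0x02, b"\x02"))                                   # [0] version v3
              + der(0x02, b"\x01")                                             # serialNumber
              + der(0x30, der(0x06, bytes.fromhex("2a864886f70d01010b")))      # signature alg OID
              + name_der("Constructed Root")                                   # issuer
              + der(0x30, der(0x17, b"120101000000Z") + der(0x17, b"220101000000Z"))  # validity
              + name_der(cn)                                                   # subject
              + der(0x30, b""))                                                # SPKI placeholder
    cert = der(0x30, tbs + der(0x30, b"") + der(0x03, b"\x00"))  # signatureAlgorithm, signature
    return b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(cert) + b"-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    pem = b"".join(fake_cert_pem("AC Teste %02d" % i) for i in range(55))
    print(certificate_request_size(dns_from_pem(pem)))
```

Run it against the real directory with `certificate_request_size(dns_from_dir("/path/to/ssl/ca"))` and compare `message_bytes` with the CertificateRequest length that `openssl s_client -msg` prints; real CA subject names are far longer than the constructed ones, so a few dozen of them can push the message past a single 16 KiB record, which is where an old client or server library may give up. On the Apache side, the list a server advertises can be kept short independently of the certificates it trusts: SSLCACertificatePath still does verification while SSLCADNRequestFile or SSLCADNRequestPath restricts which DNs go into the CertificateRequest.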

hudsonmelo

6:44 pm on Jan 19, 2012 (gmt 0)

10+ Year Member

phranque,

I put in the SSLRenegBufferSize directive but it doesn't work. The same problem continues. If you have other suggestions, I thank you.

Hudson

phranque

11:29 pm on Jan 19, 2012 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month

note that the SSLRenegBufferSize directive can only be specified in your server config file in directory context:
http://httpd.apache.org/docs/trunk/mod/directive-dict.html#Context

hudsonmelo

8:04 pm on Jan 31, 2012 (gmt 0)

10+ Year Member

The problem was the version of openssl.