[Wed Dec 4 18:55:06 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:06 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Wed Dec 4 18:55:08 2002] [error] mod_ssl: SSL handshake failed (server www.mystore.com:443, client 111.222.333.444) (OpenSSL library error follows)
[Wed Dec 4 18:55:08 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[Thu Dec 5 01:44:10 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:12 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:14 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:15 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:15 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:15 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:16 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:16 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:16 2002] [error] mod_ssl: SSL handshake timed out (client 111.222.333.444, server www.mystore.com:443)
[Thu Dec 5 01:44:16 2002] [error] mod_ssl: SSL handshake failed (server www.mystore.com:443, client 111.222.333.444) (OpenSSL library error follows)
[Thu Dec 5 01:44:16 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
My website monitoring service (Pingalink) has been reporting "slow" status intermittently for a few weeks now. It's set to report slow when it takes longer than 1000ms to respond. Maybe that has something to do with it? I'm a bit worried about these errors as my checkout page is one of the only SSL pages on my site. Can anyone help with any ideas?
[edited by: oilman at 11:07 pm (utc) on Dec. 9, 2002]
[edit reason] edited IP #'s to generic #'s [/edit]
Have you recently patched Apache/SSL?
What I think is happening is that someone is trying - and failing - to exploit a now-fixed vulnerability in OpenSSL. The fact that you're getting timeouts shows that the hack attempts (probably just automated script stuff) are failing...
(Disclaimer: you might sleep better if you consult a security specialist on this ;) )
Added: "SSL routines:GET_CLIENT_MASTER_KEY:key arg too long"
Yep, they're trying the recent buffer overflow exploit (Slapper?)
More info here [cert.org]
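An added example, not part of the original thread: a small Python triage script that scans an Apache error_log for the pattern discussed above, a "key arg too long" OpenSSL error tied to a client, and counts that client's handshake timeouts in the preceding minute. The sample log, hostname and client addresses are constructed placeholders, and the 60-second window is an assumed threshold.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the error_log format quoted in the thread.
# Hostname and clients are placeholders (documentation address ranges).
SAMPLE_LOG = """\
[Wed Dec 4 18:55:06 2002] [error] mod_ssl: SSL handshake timed out (client 192.0.2.10, server www.example.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 192.0.2.10, server www.example.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 198.51.100.7, server www.example.com:443)
[Wed Dec 4 18:55:07 2002] [error] mod_ssl: SSL handshake timed out (client 192.0.2.10, server www.example.com:443)
[Wed Dec 4 18:55:08 2002] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 192.0.2.10) (OpenSSL library error follows)
[Wed Dec 4 18:55:08 2002] [error] OpenSSL: error:1406B458:SSL routines:GET_CLIENT_MASTER_KEY:key arg too long
[Wed Dec 4 19:02:41 2002] [error] mod_ssl: SSL handshake failed (server www.example.com:443, client 198.51.100.7) (OpenSSL library error follows)
[Wed Dec 4 19:02:41 2002] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
"""

LINE = re.compile(r"^\[(?P<ts>[^\]]+)\] \[error\] (?P<msg>.*)$")
CLIENT = re.compile(r"client ([^,)\s]+)")
SIGNATURE = "GET_CLIENT_MASTER_KEY:key arg too long"
TS_FORMAT = "%a %b %d %H:%M:%S %Y"

def find_probes(log_text, window=timedelta(seconds=60)):
    """Assumes the OpenSSL line belongs to the 'handshake failed' line just before it."""
    timeouts = defaultdict(list)  # client -> timestamps of handshake timeouts
    last_failed = None            # (timestamp, client) of the latest failed handshake
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        msg, c = m["msg"], CLIENT.search(m["msg"])
        if "SSL handshake timed out" in msg and c:
            timeouts[c[1]].append(ts)
        elif "SSL handshake failed" in msg and c:
            last_failed = (ts, c[1])
        elif msg.startswith("OpenSSL:"):
            if SIGNATURE in msg and last_failed:
                failed_ts, ip = last_failed
                burst = sum(1 for t in timeouts[ip] if timedelta(0) <= failed_ts - t <= window)
                findings.append({"client": ip, "time": failed_ts, "timeouts_before": burst})
            last_failed = None    # any OpenSSL detail line closes the pending failure
    return findings

if __name__ == "__main__":
    for f in find_probes(SAMPLE_LOG):
        print(f"{f['time']} {f['client']}: key arg too long after {f['timeouts_before']} timeouts")
```

On a busy multi-process server, lines from different connections can interleave, so treat the client attribution as a lead to confirm against the access log rather than as proof.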