Description of problem: After updating to 2.4.10-6.fc21 or higher, httpd doesn't start. It mentions SSL cipher errors in the logs. Version-Release number of selected component (if applicable): httpd-2.4.10-7.fc21.x86_64 mod_ssl-2.4.10-7.fc21.x86_64 How reproducible: Reproducible. Steps to Reproduce: 1. systemctl start httpd.service Actual results: root@gibraltar:~> systemctl start httpd.service Job for httpd.service failed. See 'systemctl status httpd.service' and 'journalctl -xn' for details. root@gibraltar:~> systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled) Active: failed (Result: exit-code) since Wed 2014-08-27 13:09:24 CEST; 4s ago Process: 21771 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE) Process: 21769 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 21769 (code=exited, status=1/FAILURE) Aug 27 13:09:24 gibraltar systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE Aug 27 13:09:24 gibraltar kill[21771]: kill: cannot find process "". Aug 27 13:09:24 gibraltar systemd[1]: httpd.service: control process exited, code=exited status=1 Aug 27 13:09:24 gibraltar systemd[1]: Failed to start The Apache HTTP Server. Aug 27 13:09:24 gibraltar systemd[1]: Unit httpd.service entered failed state. root@gibraltar:~> journalctl -xn -- Logs begin at Mon 2013-12-30 12:45:11 CET, end at Wed 2014-08-27 13:09:24 CEST. -- Aug 27 13:09:17 gibraltar systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE Aug 27 13:09:17 gibraltar kill[21753]: kill: cannot find process "". Aug 27 13:09:17 gibraltar systemd[1]: httpd.service: control process exited, code=exited status=1 Aug 27 13:09:17 gibraltar systemd[1]: Failed to start The Apache HTTP Server. -- Subject: Unit httpd.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit httpd.service has failed. -- -- The result is failed. Aug 27 13:09:17 gibraltar systemd[1]: Unit httpd.service entered failed state. Aug 27 13:09:24 gibraltar systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE Aug 27 13:09:24 gibraltar kill[21771]: kill: cannot find process "". Aug 27 13:09:24 gibraltar systemd[1]: httpd.service: control process exited, code=exited status=1 Aug 27 13:09:24 gibraltar systemd[1]: Failed to start The Apache HTTP Server. -- Subject: Unit httpd.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit httpd.service has failed. -- -- The result is failed. Aug 27 13:09:24 gibraltar systemd[1]: Unit httpd.service entered failed state. root@gibraltar:~> --- 8< --- /var/log/httpd/error_log --- [Wed Aug 27 13:09:24.547483 2014] [core:notice] [pid 21769] SELinux policy enabled; httpd running as context system_u:system_r:httpd_t:s0 [Wed Aug 27 13:09:24.548609 2014] [suexec:notice] [pid 21769] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec) [Wed Aug 27 13:09:24.548966 2014] [ssl:emerg] [pid 21769] AH02311: Fatal error initialising mod_ssl, exiting. See /etc/httpd/logs/ssl_error_log for more information AH00016: Configuration Failed --- >8 -------------------------------- --- 8< --- /var/log/httpd/ssl_error_log --- [Wed Aug 27 13:09:24.548937 2014] [ssl:emerg] [pid 21769] AH01898: Unable to configure permitted SSL ciphers [Wed Aug 27 13:09:24.548960 2014] [ssl:emerg] [pid 21769] SSL Library Error: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match --- >8 ------------------------------------ Expected results: httpd starts Additional info: Downgrading to 2.4.10-3.fc21 makes it start again. I think it may be related to this change: * Thu Aug 21 2014 Joe Orton <jorton> - 2.4.10-6 - mod_ssl: treat "SSLCipherSuite PROFILE=..." as special (#1109119) - switch default ssl.conf to use PROFILE=SYSTEM (#1109119)
Hi, what version of openssl package do you use please?
openssl-1.0.1i-3.fc21.x86_64
Commit: http://pkgs.fedoraproject.org/gitweb/?p=httpd.git;a=commitdiff;h=793563ad40c65d89906e61a3f83ded4dcb7996f8 Package: httpd-2.4.10-8.fc22 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=573375
This was a dumb error by me, sorry. I put "PROFILE=DEFAULT" not "PROFILE=SYSTEM" into ssl.conf.
Commit: http://pkgs.fedoraproject.org/gitweb/?p=httpd.git;a=commitdiff;h=a52322721dcf711892b35ccec24453184014e1a8 Package: httpd-2.4.10-8.fc21 Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=573409
(In reply to Joe Orton from comment #5) > Commit: > http://pkgs.fedoraproject.org/gitweb/?p=httpd.git;a=commitdiff; > h=a52322721dcf711892b35ccec24453184014e1a8 > Package: httpd-2.4.10-8.fc21 > Build: https://koji.fedoraproject.org/koji/buildinfo?buildID=573409 Would you submit an update for that? Thanks!
httpd-2.4.10-8.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/httpd-2.4.10-8.fc21
httpd-2.4.10-9.fc21 has been submitted as an update for Fedora 21. https://admin.fedoraproject.org/updates/httpd-2.4.10-9.fc21
Package httpd-2.4.10-9.fc21: * should fix your issue, * was pushed to the Fedora 21 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing httpd-2.4.10-9.fc21' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2014-10234/httpd-2.4.10-9.fc21 then log in and leave karma (feedback).
httpd-2.4.10-9.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.