Description of problem:
The updated openssl-0.9.8e-12.el5_4.6 package breaks lighttpd SSL because of upstream bug #2157

Version-Release number of selected component (if applicable):
lighttpd-1.4.22-2.el5

How reproducible:
install lighttpd-1.4.22-2.el5 & openssl-0.9.8e-12.el5_4.6
Enable SSL in lighttpd.conf :
ssl.engine = "enabled"
ssl.pemfile = "/etc/pki/tls/certs/lighttpd.pem"

Actual results:
# service lighttpd start
Starting lighttpd: 2010-03-28 00:04:43: (network.c.336) SSL: error:00000000:lib(0):func(0):reason(0)
[FAILED]

Expected results:
# service lighttpd start
Starting lighttpd: [ OK ]

Additional info:
Upstream bug #2157 @ http://redmine.lighttpd.net/issues/2157
Fixed upstream in r2716 @ http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2716
Rebuild SRPM with the above patch, and it works.

Workaround: set ssl.use-sslv2 = "enable" in the appropriate places in the config. This will enable SSLv2, but you can prevent actual working SSLv2 negotiation by massaging the cipher list, for example like this:

ssl.cipher-list = "TLSv1+HIGH RC4+MEDIUM !SSLv2 !3DES !aNULL @STRENGTH"

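One way to audit that every place the workaround above is applied also carries a cipher list excluding SSLv2. This is an added example, not part of the original thread: the sample config, its socket blocks and the function name `sslv2_findings` are constructed for illustration, and the parser assumes one directive or brace per line (no `else` chains or includes).

```python
import re

# Constructed sample lighttpd.conf: one socket applies the full workaround, one does not.
SAMPLE_CONF = '''
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/pki/tls/certs/lighttpd.pem"
    ssl.use-sslv2 = "enable"
    ssl.cipher-list = "TLSv1+HIGH RC4+MEDIUM !SSLv2 !3DES !aNULL @STRENGTH"
}
$SERVER["socket"] == ":8443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/pki/tls/certs/lighttpd.pem"
    ssl.use-sslv2 = "enable"
}
'''

ASSIGN = re.compile(r'^(ssl\.[\w-]+)\s*=\s*"([^"]*)"')

def sslv2_findings(conf_text):
    """Return scopes where ssl.use-sslv2 is enabled but the ciphers lack !SSLv2."""
    findings = []
    stack = [("global", {})]  # (scope name, ssl.* directives set in that scope)

    def check(depth):
        name, own = stack[depth]
        if not own:  # scope sets no ssl.* directive itself, nothing to report
            return
        effective = {}
        for _, settings in stack[:depth + 1]:  # outer first, inner overrides
            effective.update(settings)
        ciphers = re.split(r"[:, ]+", effective.get("ssl.cipher-list", ""))
        if effective.get("ssl.use-sslv2") == "enable" and "!SSLv2" not in ciphers:
            findings.append(name)

    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("}") and len(stack) > 1:
            check(len(stack) - 1)  # evaluate the block as it closes
            stack.pop()
        elif line.endswith("{"):
            stack.append((line[:-1].strip(), {}))
        elif (m := ASSIGN.match(line)):
            stack[-1][1][m.group(1)] = m.group(2)
    check(0)
    return findings
```

On the sample, only the `:8443` block is reported, since it enables SSLv2 without the restricting cipher list.
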
I got bitten by this too. Thanks for the work-around.
I've rebuilt 1.4.26 with the fix; it should appear in EPEL testing soon. I've updated on many production servers and it's been working fine for me so far.
lighttpd 0:1.4.26-2.el5 fixed this bug for me
Indeed fixed, thank you :)
lighttpd-1.4.26-2.el5 is now in the main EPEL repos. Since Wouter de Jong reports this version as having fixed his problem, I'm closing the ticket off.