You are not logged in.
- Topics: Active | Unanswered
#1 2015-02-13 19:38:43
- masterjonny
- Member
- Registered: 2015-02-13
- Posts: 2
Illegal Instruction When Using SSL with Apache
Hi,
When I try to access an SSL configured site hosted by Apache, using either IE or Safari I get the error:
[core:notice] [pid 6555] AH00052: child pid 6559 exit signal Illegal instruction (4) Bizarrely enough using Chrome or Firefox, the site loads just fine... I've ruled out it being a PHP or WordPress bug, as loading a simple one line HTML document served over SSL also doesn't work.
Launching Apache in debug mode (-X) when I connect to the server over SSL (from Safari), I get the output
[1] 6416 illegal hardware instruction httpd -XWhen I Google around for that I get loads of old mothballed forum articles dating back years about compiling Apache from source against the wrong march and mtune flags 
Does anyone have any insight or suggestions for this..?
My issue is compounded somewhat as I've been using 301 redirects to redirect HTTP traffic to HTTPS, and apparently 301's are cached in browsers deep deep down, sometimes to the extent clearing the cache isn't enough. Now I've removed the 301 Chrome would only access the site on port HTTP after clearing browsing data, but after clearing the data of Safari, it was still determined to access the wrong URL....
This means I now must fix the SSL bug, or I wait the next n years for peoples cache to expire.
Cheers!
Offline
#2 2015-02-14 17:41:34
- masterjonny
- Member
- Registered: 2015-02-13
- Posts: 2
Re: Illegal Instruction When Using SSL with Apache
Well I thought I'd put the answer here as during more desperate googlin' this morning, this thread was coming high up the list of results.
From my testing it looks like OpenSSL 1.0.2 has some bugs when running on an AMD APU.
After much trial and error a working cipher suite is -
ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
However adding any of the following ciphers in
AES128-SHA256
AES256-SHA256
DHE-RSA-AES256-SHA256
DHE-RSA-AES128-SHA256
ECDHE-RSA-AES128-SHA256
Brings back the
illegal hardware instruction.
Initially I thought it was SHA256 making it fall over, but looking at the work ciphers SHA256 is still present, so it looks more to be when AES and SHA256 are coupled...?
Anyway, from my research this was a bug years ago, and still is when compiling from source sometimes. Apparently its picking ciphers for the wrong architecture or libcrypto is doing so. Either way I'll get some more logs and file a bug.
Just wanted to follow up so if anyone stumbles on this they find an answer!
Last edited by masterjonny (2015-02-14 17:42:24)
Offline