Environment
Situation
Error message: The SSL connection encountered an I/O error.
Error group: SSL
Error code: 5
Routine: SSLConnect - failed to create SSL_connect
Error: The SSL connection encountered an I/O error.
TLS Upgrade handshake failed: Not accepted by client!?
Note: In some instances, there is no error presented to the end user, however, the Apache error_log shows the above error and httpd runs in high utilization and/or segfaults. The Apache error message shown above can result from an attempt to install an SSL iPrint printer, or by having an SSL iPrint printer already installed to the workstation. iPrint printers installed to workstations frequently communicate to the Print Manager to determine printer status. Each status lookup requires an SSL connection.
Resolution
Resolution: Upgrade the iPrint Client on all workstations
Upgrade the version of the iPrint client for Windows on all workstations to version 5.74 or later and version 5.04 or later for Macintosh.
-
To determine which workstations need upgrading
-
go to the /var/log/apache2/error_log
-
find the string: TLS Upgrade handshake failed
-
note the IP address associated with that error.
-
The IP address associated with that error is the IP address of the workstation which needs an upgraded verison of the iPrint client.
Workaround: Downgrade Apache (Available for OES2SP3 and not OES11)
Downgrade the server's Apache version to a release which doesn't disable the TLS connection upgrade.
Note: While testing on this option has been minimal, it has also been positive.
Make note of all the Apache packages which are returned from this command. This list will be needed for step b.
SLES10SP4 32 Bit
https://download.novell.com/Download?buildid=_UHwKa5dnCA~
SLES10SP4 64 Bit
https://download.novell.com/Download?buildid=fGF_KnTAFm8~
rcapache2 restart