SSL Proxy connect failed and mod_cluster returns "Bad Gateway" HTTP ErrorCode 502

Solution Verified - Updated -

Issue

  • We have Apache/mod_cluster loadbalancing traffic to JBoss over SSL. After a longer pause with no requests (e.g. in the morning), many requests fail with 502 "Bad Gateway" errors. Apache debug logging shows it occurs it is triggered from a failure in the SSL handshake:

    [debug] ssl_engine_kernel.c(1902): OpenSSL: Read: SSLv2/v3 read server hello A
[debug] ssl_engine_kernel.c(1926): OpenSSL: Exit: error in SSLv2/v3 read server hello A
[info] [client 127.0.0.1] SSL Proxy connect failed
[info] SSL Library Error: 336032754 error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message
[info] [client 127.0.0.1] Connection closed to child 0 with abortive shutdown (server localhost:443)
[error] (502)Unknown error 502: proxy: pass request body failed to localhost:8443 (127.0.0.1)

  • On jboss.org, I found the following thread

  • After multiple requests, the error is gone and everything works fine. Just after a longer pause the error comes back. Also, restarting Apache appears to clear up the 502s until another period of idleness.

Environment

  • Apache httpd 2.2.15
  • Red Hat Enterprise Linux(RHEL) 6.2
  • mod_cluster
    • 1.0.10.GA_CP02
    • 1.2.3.Final
  • JBoss Enterprise Application Platform (EAP)
    • 5.1.2
    • 6.0.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content