SSL configuration messages

This topic contains error messages that might result due to configuration problems and provides solutions to help you troubleshoot these problems.


The following messages appear due to configuration problems:

  • SSL0300E: Unable to allocate terminal node.

  • SSL0301E: Unable to allocate string value in node.

  • SSL0302E: Unable to allocate non terminal node.

  • SSL0303E: Syntax Error in SSLClientAuthGroup directive.

  • SSL0304E: Syntax Error in SSLClientAuthRequire directive.

  • SSL0307E: Invalid token preceding NOT or !

  • SSL0308E: A group is specified in SSLClientAuthRequire but no groups are specified.

  • SSL0309E: The group <group> is specified in SSLClientAuthRequire is not defined.

  • SSL0310I: Access denied to object due to invalid SSL version <version>, expected <version>.

  • SSL0311E: Unable to get cipher in checkBanCipher.

  • SSL0312I: Cipher <cipher> is in ban list and client is forbidden to access object.

  • SSL0313E: Fell through to default return in checkCipherBan.

  • SSL0314E: Cipher is NULL in checkRequireCipher.

  • SSL0315E: Cipher <cipher> used is not in the list of required ciphers to access this object.

  • SSL0316E: Fell through to default return in checkCipherRequire.

  • SSL0317E: Unable to allocate memory for fake basic authentication username.

  • SSL0318E: Limit exceeded for specified cipher specs, only 64 total allowed.

    • Reason: The number of ciphers configured using the SSLCipherSpec directive exceeds the maximum allowed of 64.

    • Solution: Check for duplicate SSLCipherSpec directives.

  • SSL0319E: Cipher Spec <cipher> is not supported by this GSK library.

    • Reason: The cipher is not a valid cipher for use with the installed SSL libraries.

    • Solution: Check that a valid cipher value was entered with the SSLCipherSpec directive.

  • SSL0320I: Using Version 2|3 Cipher: <cipher>.

    • Reason: This is an informational message listing the ciphers used for connections to this virtual host.

    • Solution: None.

  • SSL0321E: Invalid cipher spec <cipher>.

    • Reason: The cipher is not a valid cipher.

    • Solution: Check the documentation for a list of valid cipher specs.

  • SSL0322E: Cipher Spec <cipher> is not valid.

    • Reason: The cipher is not a valid cipher.

    • Solution: Check the documentation for a list of valid cipher specs.

  • SSL0323E: Cipher Spec <cipher> has already been added.

    • Reason: A duplicate SSLCipherSpec directive has been encountered.

    • Solution: This instance of the directive is ignored and should be removed from the configuration file.

  • SSL0324E: Unable to allocate storage for cipher specs.

    • Reason: The server could not allocate memory needed to complete the operation.

    • Solution: Take action to free up some additional memory. Try reducing the number of threads or processes running, or increasing virtual memory.

  • SSL0325E: Cipher Spec <cipher> has already been added to the v2|v3 ban|require list.

    • Reason: A duplicate cipher was specified on the SSLCipherBan directive.

    • Solution: This instance of the directive is ignored and should be removed from the configuration file.

  • SSL0326E: Invalid cipher spec <cipher> set for SSLCipherBan|SSLCipherRequire.

    • Reason: The cipher is not a valid cipher.

    • Solution: Check the documentation for a list of valid cipher specs.

  • SSL0327E: Invalid value for sslv2timeout|sslv3timeout, using default value of nn seconds.

    • Reason: The timeout value specified is not in the valid range.

    • Solution: Check the documentation for the proper range of values.

  • SSL0328W: Invalid argument for SSLClientAuth: <args>. CRL can not be turned on unless Client Authentication is on.

  • SSL0329W: Invalid argument for SSLClientAuth: <args>. If a second argument is entered it must be CRL. CRL cannot be turned on unless client authentication is on.

  • SSL0330W: Invalid argument for SSLClientAuth: <args>. If a second value is entered it must be crl.

  • SSL0331W: Invalid argument for SSLClientAuth: <args>. The first value must be 0, 1, 2 none, optional, or required.

  • SSL0332E: Not enough arguments specified for SSLClientAuthGroup.

  • SSL0333E: No parse tree created for <parm>.

    • Reason: An error occurred processing the SSLClientAuthRequire directive.

    • Solution: Check for other error messages. Enable tracing of Client Authentication by adding the directive SSLClientAuthRequireTraceOn to the configuration file.

  • SSL0334E: Function ap_make_table failed processing label <certificate>.

  • SSL0337E: OCSP is not supported with this level of GSKit

    • Reason: OCSP support requires GSKit 7.0.4.14 or higher

    • Solution: Upgrade the level of GSKit on the system to 7.0.4.14 or higher