Ok, so maybe I was not seeing the *exact* same problem ;) I was just seeing the error messages in the log. I had seen the "server error" message on the browsers some time ago, but I expected the error messages to also go away. I guess it must be the OpenSSL exploit then... any way to check and make sure?
Regards, -Oscar On Tue, Mar 11, 2003 at 09:08:58AM -0600, Scott Goodwin wrote: > I need to know the browser type, version and strength (e.g. MSIE 5.5 > 128-bit, Netscape 4.7 40-bit...). > > Oscar, when you say you're seeing the exact same problem, do you mean > you're seeing both the error message and the browser is failing on the > first connect? > > /s. > > > On Tuesday, March 11, 2003, at 08:42 AM, Oscar Bonilla wrote: > > > I'm seeing the exact same problem, however I have ServerSessionCache > > set to true. I'm using > > nsopenssl 2.1. What could the problem be? > > > > > > This is the nsopenssl part of my aolserver config file: > > > > ----- > > ns_section "ns/server/${servername}/module/nsopenssl" > > ns_param ServerPort ${httpsport} > > ns_param ServerHostname ${hostname} > > ns_param ServerAddress ${address} > > ns_param ServerCertFile ${sslcertificate} > > ns_param ServerKeyFile ${sslkey} > > ns_param ServerProtocols All > > ns_param ServerCipherSuite > > "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" > > ns_param ServerSessionCache true > > ns_param ServerSessionCacheID 1 > > ns_param ServerSessionCacheSize 512 > > ns_param ServerSessionCacheTimeout 300 > > ns_param ServerPeerVerify false > > ns_param ServerPeerVerifyDepth 3 > > ns_param ServerCADir ${sslcadir} > > ns_param ServerCAFile ${sslcafile} > > ns_param ServerTrace false > > > > ns_param SockServerCertFile ${sslcertificate} > > ns_param SockServerKeyFile ${sslkey} > > ns_param SockServerProtocols All > > ns_param SockServerCipherSuite > > "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" > > ns_param SockServerSessionCache true > > ns_param SockServerSessionCacheID 2 > > ns_param SockServerSessionCacheSize 512 > > ns_param SockServerSessionCacheTimeout 300 > > ns_param SockServerPeerVerify true > > ns_param SockServerPeerVerifyDepth 3 > > ns_param SockServerCADir ${sslinternalcadir} > > ns_param SockServerCAFile ${sslinternalcafile} > > ns_param SockServerTrace false > > > > ns_param SockClientCertFile ${sslclientcertificate} > > ns_param SockClientKeyFile ${sslclientkey} > > ns_param SockClientProtocols All > > ns_param SockClientCipherSuite > > "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL" > > ns_param SockClientSessionCache true > > ns_param SockClientSessionCacheID 3 > > ns_param SockClientSessionCacheSize 512 > > ns_param SockClientSessionCacheTimeout 300 > > ns_param SockClientPeerVerify true > > ns_param SockClientPeerVerifyDepth 3 > > ns_param SockClientCADir ${sslservercadir} > > ns_param SockClientCAFile ${sslservercafile} > > ns_param SockClientTrace false > > > > ns_param RandomFile /dev/urandom > > ns_param SeedBytes 1024 > > ---- > > > > Thanks, > > > > -Oscar > > > > On Mon, Mar 10, 2003 at 11:42:36PM -0600, Scott Goodwin wrote: > >> Turn it on, always, always, always have session caching on, or SSL to > >> certain MSIE browser versions will fail in the way you're seeing. I've > >> just updated the nsopenssl config examples at my site to reflect this. > >> > >> nsopenssl 3.0 will have session caching turned on by default, so that > >> if you want it turned off you'll have to explicitly do so. > >> > >> > >> /s. > >> > >> > >> > >> On Monday, March 10, 2003, at 11:32 PM, William Scott Jordan wrote: > >> > >>> ServerSessionCache is set to false. > >>> > >>> Scott > >>> > >>> At 11:12 PM 3/10/2003 -0600, you wrote: > >>>> Do you have session caching turned on? > >>>> > >>>> /s. > >>>> > >>>> On Monday, March 10, 2003, at 11:00 PM, William Scott Jordan wrote: > >>>> > >>>>> I'm running AOLServer 3.4 with OpenSSL 0.9.6 and nsopenssl 2.2b4 on > >>>>> Redhat > >>>>> 7.0 and I'm getting this error quite a bit: > >>>>> > >>>>> > >>>>> Error: nsopenssl: EOF during SSL handshake > >>>>> > >>>>> > >>>>> I have no idea what's causing it and I can't recreate it. When it > >>>>> happens, > >>>>> it gives the end user a "Server Error" message. Reloading the same > >>>>> page > >>>>> never causes the problem a second time. I really don't even know > >>>>> whether > >>>>> it's a problem with AOLServer, a configuration issue, or a problem > >>>>> with > >>>>> OpenSSL. > >>>>> > >>>>> Has anybody seen this before or have any idea of how to correct it? > >>>>> Any > >>>>> advice would be appreciated. > >>>>> > >>>>> Scott > >>>>> > >>>>> > >>>>> > >>>>> I. To remove yourself from this list: > >>>>> > >>>>> Send a message to "[EMAIL PROTECTED]" with the following > >>>>> text > >>>>> in > >>>>> the BODY of your message: > >>>>> > >>>>> signoff aolserver > >>>>> > >>>>> II. For a complete list of listserv options please visit: > >>>>> > >>>>> http://listserv.aol.com/ > >>>>> > >>>>> III. For more AOLserver information please visit: > >>>>> > >>>>> http://www.aolserver.com/ > >>>> > >>>> > >>>> > >>>> I. To remove yourself from this list: > >>>> > >>>> Send a message to "[EMAIL PROTECTED]" with the following > >>>> text in > >>>> the BODY of your message: > >>>> > >>>> signoff aolserver > >>>> > >>>> II. For a complete list of listserv options please visit: > >>>> > >>>> http://listserv.aol.com/ > >>>> > >>>> III. For more AOLserver information please visit: > >>>> > >>>> http://www.aolserver.com/ > >>> > >>> > >>> > >>> I. To remove yourself from this list: > >>> > >>> Send a message to "[EMAIL PROTECTED]" with the following > >>> text > >>> in > >>> the BODY of your message: > >>> > >>> signoff aolserver > >>> > >>> II. For a complete list of listserv options please visit: > >>> > >>> http://listserv.aol.com/ > >>> > >>> III. For more AOLserver information please visit: > >>> > >>> http://www.aolserver.com/ > >> > >> > >> > >> I. To remove yourself from this list: > >> > >> Send a message to "[EMAIL PROTECTED]" with the following > >> text in > >> the BODY of your message: > >> > >> signoff aolserver > >> > >> II. For a complete list of listserv options please visit: > >> > >> http://listserv.aol.com/ > >> > >> III. For more AOLserver information please visit: > >> > >> http://www.aolserver.com/ > > > > > > > > I. To remove yourself from this list: > > > > Send a message to "[EMAIL PROTECTED]" with the following text > > in > > the BODY of your message: > > > > signoff aolserver > > > > II. For a complete list of listserv options please visit: > > > > http://listserv.aol.com/ > > > > III. For more AOLserver information please visit: > > > > http://www.aolserver.com/ > > > > I. To remove yourself from this list: > > Send a message to "[EMAIL PROTECTED]" with the following text in > the BODY of your message: > > signoff aolserver > > II. For a complete list of listserv options please visit: > > http://listserv.aol.com/ > > III. For more AOLserver information please visit: > > http://www.aolserver.com/ I. To remove yourself from this list: Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message: signoff aolserver II. For a complete list of listserv options please visit: http://listserv.aol.com/ III. For more AOLserver information please visit: http://www.aolserver.com/