Ok, so maybe I was not seeing the *exact* same problem ;) I was just
seeing the error messages in the log. I had seen the "server error"
message on the browsers some time ago, but I expected the error
messages to also go away. I guess it must be the OpenSSL exploit
then... any way to check and make sure?
Regards,
-Oscar
On Tue, Mar 11, 2003 at 09:08:58AM -0600, Scott Goodwin wrote:
> I need to know the browser type, version and strength (e.g. MSIE 5.5
> 128-bit, Netscape 4.7 40-bit...).
>
> Oscar, when you say you're seeing the exact same problem, do you mean
> you're seeing both the error message and the browser is failing on the
> first connect?
>
> /s.
>
>
> On Tuesday, March 11, 2003, at 08:42 AM, Oscar Bonilla wrote:
>
> > I'm seeing the exact same problem, however I have ServerSessionCache
> > set to true. I'm using
> > nsopenssl 2.1. What could the problem be?
> >
> >
> > This is the nsopenssl part of my aolserver config file:
> >
> > -----
> > ns_section "ns/server/${servername}/module/nsopenssl"
> > ns_param ServerPort ${httpsport}
> > ns_param ServerHostname ${hostname}
> > ns_param ServerAddress ${address}
> > ns_param ServerCertFile ${sslcertificate}
> > ns_param ServerKeyFile ${sslkey}
> > ns_param ServerProtocols All
> > ns_param ServerCipherSuite
> > "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
> > ns_param ServerSessionCache true
> > ns_param ServerSessionCacheID 1
> > ns_param ServerSessionCacheSize 512
> > ns_param ServerSessionCacheTimeout 300
> > ns_param ServerPeerVerify false
> > ns_param ServerPeerVerifyDepth 3
> > ns_param ServerCADir ${sslcadir}
> > ns_param ServerCAFile ${sslcafile}
> > ns_param ServerTrace false
> >
> > ns_param SockServerCertFile ${sslcertificate}
> > ns_param SockServerKeyFile ${sslkey}
> > ns_param SockServerProtocols All
> > ns_param SockServerCipherSuite
> > "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
> > ns_param SockServerSessionCache true
> > ns_param SockServerSessionCacheID 2
> > ns_param SockServerSessionCacheSize 512
> > ns_param SockServerSessionCacheTimeout 300
> > ns_param SockServerPeerVerify true
> > ns_param SockServerPeerVerifyDepth 3
> > ns_param SockServerCADir ${sslinternalcadir}
> > ns_param SockServerCAFile ${sslinternalcafile}
> > ns_param SockServerTrace false
> >
> > ns_param SockClientCertFile ${sslclientcertificate}
> > ns_param SockClientKeyFile ${sslclientkey}
> > ns_param SockClientProtocols All
> > ns_param SockClientCipherSuite
> > "ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL"
> > ns_param SockClientSessionCache true
> > ns_param SockClientSessionCacheID 3
> > ns_param SockClientSessionCacheSize 512
> > ns_param SockClientSessionCacheTimeout 300
> > ns_param SockClientPeerVerify true
> > ns_param SockClientPeerVerifyDepth 3
> > ns_param SockClientCADir ${sslservercadir}
> > ns_param SockClientCAFile ${sslservercafile}
> > ns_param SockClientTrace false
> >
> > ns_param RandomFile /dev/urandom
> > ns_param SeedBytes 1024
> > ----
> >
> > Thanks,
> >
> > -Oscar
> >
> > On Mon, Mar 10, 2003 at 11:42:36PM -0600, Scott Goodwin wrote:
> >> Turn it on, always, always, always have session caching on, or SSL to
> >> certain MSIE browser versions will fail in the way you're seeing. I've
> >> just updated the nsopenssl config examples at my site to reflect this.
> >>
> >> nsopenssl 3.0 will have session caching turned on by default, so that
> >> if you want it turned off you'll have to explicitly do so.
> >>
> >>
> >> /s.
> >>
> >>
> >>
> >> On Monday, March 10, 2003, at 11:32 PM, William Scott Jordan wrote:
> >>
> >>> ServerSessionCache is set to false.
> >>>
> >>> Scott
> >>>
> >>> At 11:12 PM 3/10/2003 -0600, you wrote:
> >>>> Do you have session caching turned on?
> >>>>
> >>>> /s.
> >>>>
> >>>> On Monday, March 10, 2003, at 11:00 PM, William Scott Jordan wrote:
> >>>>
> >>>>> I'm running AOLServer 3.4 with OpenSSL 0.9.6 and nsopenssl 2.2b4 on
> >>>>> Redhat
> >>>>> 7.0 and I'm getting this error quite a bit:
> >>>>>
> >>>>>
> >>>>> Error: nsopenssl: EOF during SSL handshake
> >>>>>
> >>>>>
> >>>>> I have no idea what's causing it and I can't recreate it. When it
> >>>>> happens,
> >>>>> it gives the end user a "Server Error" message. Reloading the same
> >>>>> page
> >>>>> never causes the problem a second time. I really don't even know
> >>>>> whether
> >>>>> it's a problem with AOLServer, a configuration issue, or a problem
> >>>>> with
> >>>>> OpenSSL.
> >>>>>
> >>>>> Has anybody seen this before or have any idea of how to correct it?
> >>>>> Any
> >>>>> advice would be appreciated.
> >>>>>
> >>>>> Scott
> >>>>>
> >>>>>
> >>>>>
> >>>>> I. To remove yourself from this list:
> >>>>>
> >>>>> Send a message to "[EMAIL PROTECTED]" with the following
> >>>>> text
> >>>>> in
> >>>>> the BODY of your message:
> >>>>>
> >>>>> signoff aolserver
> >>>>>
> >>>>> II. For a complete list of listserv options please visit:
> >>>>>
> >>>>> http://listserv.aol.com/
> >>>>>
> >>>>> III. For more AOLserver information please visit:
> >>>>>
> >>>>> http://www.aolserver.com/
> >>>>
> >>>>
> >>>>
> >>>> I. To remove yourself from this list:
> >>>>
> >>>> Send a message to "[EMAIL PROTECTED]" with the following
> >>>> text in
> >>>> the BODY of your message:
> >>>>
> >>>> signoff aolserver
> >>>>
> >>>> II. For a complete list of listserv options please visit:
> >>>>
> >>>> http://listserv.aol.com/
> >>>>
> >>>> III. For more AOLserver information please visit:
> >>>>
> >>>> http://www.aolserver.com/
> >>>
> >>>
> >>>
> >>> I. To remove yourself from this list:
> >>>
> >>> Send a message to "[EMAIL PROTECTED]" with the following
> >>> text
> >>> in
> >>> the BODY of your message:
> >>>
> >>> signoff aolserver
> >>>
> >>> II. For a complete list of listserv options please visit:
> >>>
> >>> http://listserv.aol.com/
> >>>
> >>> III. For more AOLserver information please visit:
> >>>
> >>> http://www.aolserver.com/
> >>
> >>
> >>
> >> I. To remove yourself from this list:
> >>
> >> Send a message to "[EMAIL PROTECTED]" with the following
> >> text in
> >> the BODY of your message:
> >>
> >> signoff aolserver
> >>
> >> II. For a complete list of listserv options please visit:
> >>
> >> http://listserv.aol.com/
> >>
> >> III. For more AOLserver information please visit:
> >>
> >> http://www.aolserver.com/
> >
> >
> >
> > I. To remove yourself from this list:
> >
> > Send a message to "[EMAIL PROTECTED]" with the following text
> > in
> > the BODY of your message:
> >
> > signoff aolserver
> >
> > II. For a complete list of listserv options please visit:
> >
> > http://listserv.aol.com/
> >
> > III. For more AOLserver information please visit:
> >
> > http://www.aolserver.com/
>
>
>
> I. To remove yourself from this list:
>
> Send a message to "[EMAIL PROTECTED]" with the following text in
> the BODY of your message:
>
> signoff aolserver
>
> II. For a complete list of listserv options please visit:
>
> http://listserv.aol.com/
>
> III. For more AOLserver information please visit:
>
> http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in
the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
