Hello,

maybe you remember my postings about the SSL-Problems with a sequence
of redirection scripts on an SSL-Server.
(we now use apache-1.3.12, mod_ssl-2.6.2 and openssl-0.9.5 on Linux)

By updating the server we succeeded in getting rid of the errors with the
Netscape browsers, but now a new problem appears with IE5 on NT
and Win98:

[31/Mar/2000 11:09:29 26799] [info]  Seeding PRNG with 0 bytes of entropy
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Handshake: start
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: before/accept initialization
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 read client hello A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write server hello A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write certificate A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write server done A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 flush data
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A
[31/Mar/2000 11:09:29 26799] [info]  Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?]

Again the client is asked for a certificate and subsequently an error
occurs. 

        SSLVerifyClient none 
        SSLOptions -FakeBasicAuthentication

should stop the server from asking for certificates, but doesn't in all
cases (at least for IE5).

Questions:
-> Is that connected to the problem already discussed with the step-up
   certificates (error message is identical), which could be solved by
   prohibiting the 56-bit key, as I understand?
-> As suggested on the mailing list in another context,
        SSLProtocol SSLv2
   solves the problem. But don't I lose features or security by
   "downgrading" like that?
-> Is that a bug? And if yes: in mod_ssl or in openssl?

Maybe you have some answers. 

Thanks 
Olaf

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
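
Added example, not part of the original post and not mod_ssl code: a small Python parser for the trace lines quoted in the message. It groups lines by process ID and, for each handshake that ends in "Exit: failed in", reports the failing state, the states completed before it, whether a certificate-request state was logged, and the PRNG seed size. The function name and the "SSLv3 write certificate request" state string (OpenSSL's state name, which does not occur in the post's log) are assumptions of this example.

```python
import re
from collections import defaultdict

# Trace lines copied from the post above, with the two wrapped lines rejoined.
SAMPLE_LOG = """\
[31/Mar/2000 11:09:29 26799] [info]  Seeding PRNG with 0 bytes of entropy
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Handshake: start
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: before/accept initialization
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 read client hello A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write server hello A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write certificate A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 write server done A
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Loop: SSLv3 flush data
[31/Mar/2000 11:09:29 26799] [trace] OpenSSL: Exit: failed in SSLv3 read client certificate A
[31/Mar/2000 11:09:29 26799] [info]  Spurious SSL handshake interrupt[Hint: Usually just one of those OpenSSL confusions!?]
"""

LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)$")
SEED_RE = re.compile(r"Seeding PRNG with (\d+) bytes of entropy")
LOOP, EXIT = "OpenSSL: Loop: ", "OpenSSL: Exit: failed in "
# Assumption: OpenSSL's name for the state that sends a CertificateRequest.
CERT_REQ_STATE = "SSLv3 write certificate request"

def failed_handshakes(log_text):
    """Return one dict per handshake that ended with 'Exit: failed in <state>'."""
    current = defaultdict(lambda: {"seed_bytes": None, "states": []})
    failures = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # wrapped fragments and unrelated lines are skipped
        pid, msg = m["pid"], m["msg"]
        conn = current[pid]
        seed = SEED_RE.search(msg)
        if seed:
            conn["seed_bytes"] = int(seed.group(1))
        elif msg == "OpenSSL: Handshake: start":
            conn["states"] = []  # a new handshake in this process
        elif msg.startswith(LOOP):
            conn["states"].append(msg[len(LOOP):])
        elif msg.startswith(EXIT):
            failures.append({
                "pid": pid, "failed_in": msg[len(EXIT):],
                "states_completed": list(conn["states"]),
                "cert_request_sent": any(s.startswith(CERT_REQ_STATE) for s in conn["states"]),
                "prng_seed_bytes": conn["seed_bytes"],
            })
    return failures
```

Calling `failed_handshakes(SAMPLE_LOG)` returns a single record for PID 26799.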
