Sorry to have to reply to my own response, but, I erred here, folks with
netscape, I should have said, will also be needing a new patch. The post
I refered to was an announcment of the same problems under netscape.
Thanks,
Ron DuFresne
On Sat, 27 May 2000, R. DuFresne wrote:
>
> At this point it seems to be only a partial patch as a new, hole on a
> related issue, not fixed by thisw patch, has just been uncovered in the
> underpinnings of IE ssl.
>
> Thanks,
>
> Ron DuFresne
>
> On Fri, 26 May 2000, Airey, John wrote:
>
> > There is a patch at
> > http://www.microsoft.com/windows/ie/security/schannel.asp
> >
> > Which says "The version of Internet Explorer 5.01 that is released on the
> > Web contains an incorrect internal key in the Schannel.dll file. This may
> > cause programs and services on your computer that use Secure Socket Layer
> > (SSL) or Security Support Provider Interface (SSPI) to no longer function.
> > Installing this update will eliminate this problem by providing you with a
> > corrected Schannel.dll file. If you have installed high (128-bit) encryption
> > on your computer, you do not need to install this update".
> >
> > I've also noticed this problem with IE4.01, which I fixed for one user by
> > upgrading to 128bit encryption.
> >
> > There is a fix available for "SGC cryptography" (q249863i.exe). This answers
> > a question posted by James Lyon ([EMAIL PROTECTED]) entitled "IE4 okay
> > with latest mod_ssl" which is very much related. Details are at
> > http://support.microsoft.com/support/kb/articles/Q249/8/63.ASP?LN=EN-US&SD=g
> > n&FR=0
> >
> > Bottom line - neither is a problem with Apache-mod_ssl but a problem with
> > Microsoft's implementation of SSL!
> >
> > John
> >
> > -----Original Message-----
> > From: Taglang, Guillaume [mailto:[EMAIL PROTECTED]]
> > Sent: 25 May 2000 15:53
> > To: '[EMAIL PROTECTED]'
> > Subject: IE with 56 bits encryption
> >
> >
> >
> > Hi all,
> >
> > We received a SuperCert from thawte for 3 days we installed it on the
> > server modify the server config file, and great all works fine ! 128 bits
> > encryption for IE and Netscape. But, when we try to access to the site with
> > an older browser (IE 5.0 with 56 bits encryption) an error occured. We make
> > some test and this is the results (when we access the site with the IP
> > adress, it says that the certificate do not match the name of the site) :
> >
> > |https:// |https://
> > | 1.12.123.1/ | www.foo.com/
> > --------------------------------------------------
> > IE (128 bits | work | work
> > encryption) | |
> > --------------------------------------------------
> > IE (56 and 40| | don't
> > bits | work | work
> > encryption) | |
> > --------------------------------------------------
> > Netscape (128| work | work
> > encryption) | |
> > --------------------------------------------------
> > Netscape (56 | |
> > and 40 bits | work | work
> > encryption) | |
> >
> > This is an extract of my config file :
> >
> > [...]
> >
> > <IfDefine SSL>
> > Listen 1.12.123.1:443
> > NameVirtualHost 1.12.123.1:443
> > </IfDefine>
> >
> > [...]
> >
> > <IfDefine SSL>
> > <VirtualHost 1.12.123.1:443>
> > ServerName www.foo.com
> > ServerAdmin [EMAIL PROTECTED]
> >
> > DocumentRoot "/path/to/htdocs"
> > ErrorLog /path/to/error_log
> > TransferLog /path/to/access_log
> >
> > <Directory />
> > Options Indexes FollowSymLinks
> > AllowOverride None
> > </Directory>
> >
> > SSLEngine on
> > SSLCertificateFile /path/to/server.crt
> > SSLCertificateKeyFile /path/to/server.key
> >
> > SSLLogLevel info
> > SSLLog /path/to/ssl_engine_log
> >
> > </VirtualHost>
> > </IfDefine>
> >
> > If you have any idea, suggestion, solution, let me know.
> >
> > Thanx
> >
> > Guillaume
> >
> > ---
> > [EMAIL PROTECTED]
> > [EMAIL PROTECTED]
> > ___[_]___
> > (. .)
> > ...oOOo..(_)..oOOo...
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
>
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior consultant: darkstar.sysinfo.com
http://darkstar.sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
