Verisign SGC & Netscape International releases

Francesco D'Inzeo Thu, 01 Jun 2000 12:09:56 -0700
Hi everyone.
I succesfully installed Apache+mod_ssl+php3 on an Win NT box
and installed a Verisign Global Server ID Certificate (SGC).
Everything works fine, except when dealing with Netscape
international release (yes even the last 4.72) which stops
saying that there is a network error.

Looking at the engine.log i found the following lines:

[01/Jun/2000 16:49:36 00088] [info]  Server: OpenSA/0.20 Apache/1.3.12, Interface: 
mod_ssl/2.6.2, Library: 
OpenSSL/0.9.5
[01/Jun/2000 16:49:36 00088] [warn]  You are using mod_ssl under Win32. This 
combination is *NOT* officially 
supported. Use it at your own risk!
[01/Jun/2000 16:49:36 00088] [info]  Init: 1st startup round (still not detached)
[01/Jun/2000 16:49:36 00088] [info]  Init: Initializing OpenSSL library
[01/Jun/2000 16:49:36 00088] [info]  Init: Loading certificate & private key of 
SSL-aware server 
www.mydomain.com:443
[01/Jun/2000 16:49:36 00088] [info]  Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:36 00088] [info]  Init: Generating temporary RSA private keys 
(512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info]  Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring temporary RSA private keys 
(512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info]  Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring server www.mydomain.com:443 for 
SSL protocol
[01/Jun/2000 16:49:37 00088] [info]  Init: (www.mydomain.com:443) RSA server 
certificate enables Server Gated 
Cryptography (SGC)
[01/Jun/2000 16:49:37 00088] [info]  Init: 2nd startup round (already detached)
[01/Jun/2000 16:49:37 00088] [info]  Init: Reinitializing OpenSSL library
[01/Jun/2000 16:49:37 00088] [info]  Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring temporary RSA private keys 
(512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info]  Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:37 00088] [info]  Init: Configuring server www.mydomain.com:443 for 
SSL protocol
[01/Jun/2000 16:49:38 00088] [info]  Init: (www.mydomain.com:443) RSA server 
certificate enables Server Gated 
Cryptography (SGC)
[01/Jun/2000 16:49:38 00165] [info]  Server: OpenSA/0.20 Apache/1.3.12, Interface: 
mod_ssl/2.6.2, Library: 
OpenSSL/0.9.5
[01/Jun/2000 16:49:38 00165] [warn]  You are using mod_ssl under Win32. This 
combination is *NOT* officially 
supported. Use it at your own risk!
[01/Jun/2000 16:49:38 00165] [info]  Init: 1st startup round (still not detached)
[01/Jun/2000 16:49:38 00165] [info]  Init: Initializing OpenSSL library
[01/Jun/2000 16:49:38 00165] [info]  Init: Loading certificate & private key of 
SSL-aware server 
www.mydomain.com:443
[01/Jun/2000 16:49:38 00165] [info]  Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:38 00165] [info]  Init: Generating temporary RSA private keys 
(512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info]  Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:39 00165] [info]  Init: Configuring temporary RSA private keys 
(512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info]  Init: Configuring temporary DH parameters 
(512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info]  Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:39 00165] [info]  Init: Configuring server www.mydomain.com:443 for 
SSL protocol
[01/Jun/2000 16:49:40 00165] [info]  Init: (www.mydomain.com:443) RSA server 
certificate enables Server Gated 
Cryptography (SGC)
[01/Jun/2000 16:49:54 00165] [info]  Connection to child 0 established (server 
www.mydomain.com:443, client 
192.168.1.91)
[01/Jun/2000 16:49:54 00165] [info]  Seeding PRNG with 1160 bytes of entropy
[01/Jun/2000 16:49:55 00165] [info]  Connection: Client IP: 192.168.1.91, Protocol: 
SSLv3, Cipher: EXP1024-RC4-SHA 
(0/0 bits)
[01/Jun/2000 16:49:55 00165] [info]  Connection to child 0 closed with standard 
shutdown (server 
www.mydomain.com:443, client 192.168.1.91)

The problem I think is in the line :
[01/Jun/2000 16:49:55 00165] [info]  Connection: Client IP: 192.168.1.91, Protocol: 
SSLv3, Cipher: EXP1024-RC4-SHA 
(0/0 bits)
which with 128 bit Netscape/MS IE browsers looks something like :
[01/Jun/2000 16:54:42 00207] [info]  Connection: Client IP: 192.168.1.85, Protocol: 
SSLv3, Cipher: RC4-MD5 (128/128 
bits)
and in this last case everithing works fine.

I know that I have to deal with something in the Apache' s httpd.conf but I can' t
figure what to do.

My SSLCipherSuite directive looks like the following :
SSLCipherSuite ALL:!ADH:RC4+RSA:+SHA1:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL

Is there anyone who can help me ?


   -------------------------------------------
   Francesco D'Inzeo
   WinTech S.r.l.
   Via Lisbona 7
   35127 PADOVA (Italy)
   Tel. (+39)-(0)49-8703033
   Fax. (+39)-(0)49-8703045
   e-mail [EMAIL PROTECTED]


______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
Verisign SGC & Netscape International releases

Reply via email to
