Hi everyone.
I successfully installed Apache+mod_ssl+php3 on a Win NT box
and installed a Verisign Global Server ID Certificate (SGC).
Everything works fine, except when dealing with Netscape
international release (yes even the last 4.72) which stops
saying that there is a network error.
Looking at the engine.log I found the following lines:
[01/Jun/2000 16:49:36 00088] [info] Server: OpenSA/0.20 Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5
[01/Jun/2000 16:49:36 00088] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[01/Jun/2000 16:49:36 00088] [info] Init: 1st startup round (still not detached)
[01/Jun/2000 16:49:36 00088] [info] Init: Initializing OpenSSL library
[01/Jun/2000 16:49:36 00088] [info] Init: Loading certificate & private key of SSL-aware server www.mydomain.com:443
[01/Jun/2000 16:49:36 00088] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:36 00088] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring server www.mydomain.com:443 for SSL protocol
[01/Jun/2000 16:49:37 00088] [info] Init: (www.mydomain.com:443) RSA server certificate enables Server Gated Cryptography (SGC)
[01/Jun/2000 16:49:37 00088] [info] Init: 2nd startup round (already detached)
[01/Jun/2000 16:49:37 00088] [info] Init: Reinitializing OpenSSL library
[01/Jun/2000 16:49:37 00088] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring server www.mydomain.com:443 for SSL protocol
[01/Jun/2000 16:49:38 00088] [info] Init: (www.mydomain.com:443) RSA server certificate enables Server Gated Cryptography (SGC)
[01/Jun/2000 16:49:38 00165] [info] Server: OpenSA/0.20 Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5
[01/Jun/2000 16:49:38 00165] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[01/Jun/2000 16:49:38 00165] [info] Init: 1st startup round (still not detached)
[01/Jun/2000 16:49:38 00165] [info] Init: Initializing OpenSSL library
[01/Jun/2000 16:49:38 00165] [info] Init: Loading certificate & private key of SSL-aware server www.mydomain.com:443
[01/Jun/2000 16:49:38 00165] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:38 00165] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring server www.mydomain.com:443 for SSL protocol
[01/Jun/2000 16:49:40 00165] [info] Init: (www.mydomain.com:443) RSA server certificate enables Server Gated Cryptography (SGC)
[01/Jun/2000 16:49:54 00165] [info] Connection to child 0 established (server www.mydomain.com:443, client 192.168.1.91)
[01/Jun/2000 16:49:54 00165] [info] Seeding PRNG with 1160 bytes of entropy
[01/Jun/2000 16:49:55 00165] [info] Connection: Client IP: 192.168.1.91, Protocol: SSLv3, Cipher: EXP1024-RC4-SHA (0/0 bits)
[01/Jun/2000 16:49:55 00165] [info] Connection to child 0 closed with standard shutdown (server www.mydomain.com:443, client 192.168.1.91)
The problem, I think, is in the line:
[01/Jun/2000 16:49:55 00165] [info] Connection: Client IP: 192.168.1.91, Protocol: SSLv3, Cipher: EXP1024-RC4-SHA (0/0 bits)
which with 128 bit Netscape/MS IE browsers looks something like:
[01/Jun/2000 16:54:42 00207] [info] Connection: Client IP: 192.168.1.85, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
and in this last case everything works fine.
I know that I have to deal with something in Apache's httpd.conf but I can't
figure out what to do.
My SSLCipherSuite directive looks like the following:
SSLCipherSuite ALL:!ADH:RC4+RSA:+SHA1:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP:+eNULL
Is there anyone who can help me?
-------------------------------------------
Francesco D'Inzeo
WinTech S.r.l.
Via Lisbona 7
35127 PADOVA (Italy)
Tel. (+39)-(0)49-8703033
Fax. (+39)-(0)49-8703045
e-mail [EMAIL PROTECTED]
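
The comparison the post makes by eye between the two "Connection:" lines can be automated. The following is an added example, not part of the original post and not mod_ssl code: it rejoins mail-wrapped engine.log records and lists handshakes that ended on an export-grade cipher or below a key-length threshold. The function names and the 128-bit default are assumptions made for this example.

```python
import re

# Constructed sample (not real data) in the engine.log format quoted in the post.
SAMPLE_LOG = """\
[01/Jun/2000 16:49:54 00165] [info] Connection to child 0 established (server
www.mydomain.com:443, client
192.168.1.91)
[01/Jun/2000 16:49:55 00165] [info] Connection: Client IP: 192.168.1.91, Protocol:
SSLv3, Cipher: EXP1024-RC4-SHA
(0/0 bits)
[01/Jun/2000 16:54:42 00207] [info] Connection: Client IP: 192.168.1.85, Protocol:
SSLv3, Cipher: RC4-MD5 (128/128
bits)
"""

RECORD_START = re.compile(r"^\[\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2} \d+\] \[\w+\] ")
CONNECTION = re.compile(
    r"Connection: Client IP: (?P<ip>\S+), Protocol: (?P<proto>\S+), "
    r"Cipher: (?P<cipher>\S+) \((?P<used>\d+)/(?P<possible>\d+) bits\)")

def join_wrapped(text):
    """Rejoin continuation lines onto the timestamped record they belong to."""
    records = []
    for line in text.splitlines():
        if RECORD_START.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def weak_connections(text, min_bits=128):
    """Return (ip, protocol, cipher, used_bits, reason) for weak handshakes."""
    findings = []
    for record in join_wrapped(text):
        m = CONNECTION.search(record)
        if not m:
            continue  # startup, seeding and open/close records carry no cipher
        used, cipher = int(m["used"]), m["cipher"]
        if cipher.startswith("EXP"):  # OpenSSL names export suites EXP-* / EXP1024-*
            reason = "export-grade cipher"
        elif used < min_bits:
            reason = "key length below %d bits" % min_bits
        else:
            continue
        findings.append((m["ip"], m["proto"], cipher, used, reason))
    return findings

if __name__ == "__main__":
    print(weak_connections(SAMPLE_LOG))
```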