Florin Andrei wrote:
> Oleg Makarenko wrote:
> >
> > Florin Andrei wrote:
> >
> > > 56-bit IE5 works with apache_ssl but doesn't work with mod_ssl
> >
> > Was apache_ssl compiled with the same openssl library? What openssl library do
> > you use?
>
> Yes, it was compiled with the same library: 0.9.5a installed from RPMs on a
> Linux Red Hat 6.2 system.
>
That means apache_ssl has EXP56 cipher suit disabled by default... Or it was compiled
with 0.9.4 that has EXPERIMENTAL_CIPHERSUITS disabled (ssl/tls1.h)... you can disable
EXP56 cipher in apache.conf file or by recompiling opnessl without ANY experimental
ciphers... the real solution is to find what is wrong with these experemental ciphers
and SGC... but that is the task for openssl team... btw, without EXP56 cipher support
in apache IE 5.01 steps up to 128 bits even without schannel.dll patch...
> > mod_ssl also works with 5.01 56bit IE when it is linked with openssl 0.9.4...
> > And it doesn't work with 0.9.5x...
>
> I already tried that. It doesn't work with openssl-0.9.4 installed from
> RPMs. However, i didn't tried to compile myself openssl, i always use RPMs on
> production systems.
>
You don't need to recompile. Use the nice workaround from David Rees:
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
Oleg
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
