Jeff,
I'm unlikely to be much help on the SSL side (I'm still a newbie to this).
I can get through on https://www.colosoft.com and https://www.coloinfotech.com
using MS IE 5.01/128.
How about revisiting the IE installations. Have any service packs undone
anything - or do you need to reinstall service packs - I would always avoid
reapplying SPs as it always breaks something to do with security. For
example I
have to reinstall Entrust Desktop and IE5/128 each time I reapply SP5
(no version control checks seemingly being done at installation).
At 12:34 16/07/00 -0600, you wrote:
>hey all,
> if i tell ie to not use sslv3 or tlsv1 in the advanced options
>(theorizing that it would then use sslv2, which was enabled) I still do not
>connect, however I get very different errors in the ssl_engine_log than what
>I was getting when trying to connect via sslv3. I can post those errors if
>needed.
>----- Original Message -----
>From: "Jeff Gelina" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Sunday, July 16, 2000 12:28 PM
>Subject: Re: msie AGAIN
>
>
>> Ok, when I put it in debug mode with the new configuration I found that
>one
>> log file and only one file changes when i try to access the https site
>with
>> IE. That file is ssl_engine_log and here is what changes minus the bio
>> dumps which were just a bunch of hex.
>>
>> [16/Jul/2000 11:18:25 15029] [info] Seeding PRNG with 1160 bytes of
>entropy
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Handshake: start
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: before/accept
>> initialization
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 11/11 bytes from
>> BIO#080F4AA8
>> [mem: 080FA1F0] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [trace] Inter-Process Session Cache:
>> request=GET st
>> atus=MISSED
>> id=309590E9D2CA6A50F56AC3475AF55D91F0436BB996781DECB16C18A37AB60355
>> (session renewal)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 read client
>hello
>> A
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 write server
>hello
>> A
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 write
>certificate
>> A
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 write server
>done
>> A
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: write 876/876 bytes to
>> BIO#080F4AA
>> 8 [mem: 08107688] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 flush data
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 5/5 bytes from
>> BIO#080F4AA8 [
>> mem: 080FA1F0] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 134/134 bytes from
>> BIO#080F4A
>> A8 [mem: 080FA1F5] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 read client key
>> exchan
>> ge A
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 5/5 bytes from
>> BIO#080F4AA8 [
>> mem: 080FA1F0] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 1/1 bytes from
>> BIO#080F4AA8 [
>> mem: 080FA1F5] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 5/5 bytes from
>> BIO#080F4AA8 [
>> mem: 080FA1F0] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 36/36 bytes from
>> BIO#080F4AA8
>> [mem: 080FA1F5] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 read finished A
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 write change
>> cipher sp
>> ec A
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 write finished A
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: write 47/47 bytes to
>> BIO#080F4AA8
>> [mem: 08107688] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Loop: SSLv3 flush data
>> [16/Jul/2000 11:18:25 15029] [trace] Inter-Process Session Cache:
>> request=SET st
>> atus=OK
>id=95F69C732CD78360E18A4C3E7786223C9117E932FB7848875B0892B06210F8A8
>> time
>> out=300s (session caching)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Handshake: done
>> [16/Jul/2000 11:18:25 15029] [info] Connection: Client IP: 209.12.32.66,
>> Protoc
>> ol: TLSv1, Cipher: EXP1024-RC4-SHA (56/128 bits)
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: read 0/18437 bytes from
>> BIO#080F4A
>> A8 [mem: 080FA1F0] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [debug] OpenSSL: write 27/27 bytes to
>> BIO#080F4AA8
>> [mem: 08102A00] (BIO dump follows)
>> [16/Jul/2000 11:18:25 15029] [trace] OpenSSL: Write: SSL negotiation
>> finished su
>> ccessfully
>> [16/Jul/2000 11:18:25 15029] [info] Connection to child 0 closed with
>> standard
>> shutdown (server minnesota.coinfotech.com:443, client 209.12.32.66)
>>
>> Can you decipher this???
>>
>> ----- Original Message -----
>> From: "Martin Lichtin" <[EMAIL PROTECTED]>
>> To: <[EMAIL PROTECTED]>
>> Sent: Saturday, July 15, 2000 7:18 PM
>> Subject: Re: msie AGAIN
>>
>>
>> > > Ok, I have done as you have requested (it was a pain in the butt) you
>> will
>> > > see the new page at http://minnesota.coinfotech.com but you will not
>> be
>> > > able to access the https with any ie browser. Netscape will see it
>just
>> > > fine. Hence, same problem.
>> >
>> > What messages do you see in the ssl.log when you increase the debug
>level?
>> > Try
>> > SSLLog ssl.log
>> > SSLLogLevel debug
>> >
>>
>> ______________________________________________________________________
>> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>> User Support Mailing List [EMAIL PROTECTED]
>> Automated List Manager [EMAIL PROTECTED]
>>
>
>______________________________________________________________________
>Apache Interface to OpenSSL (mod_ssl) www.modssl.org
>User Support Mailing List [EMAIL PROTECTED]
>Automated List Manager [EMAIL PROTECTED]
>
regards
-david
--------------------
Technical Director (CTO) mailto:[EMAIL PROTECTED]
Carvel Solutions Ltd. http://www.carvel.co.uk
Software, Internet & E-Commerce Solutions
Vindolanda, Abbeytown, Carlisle, Cumbria, CA5 4RG, UK.
Tel/Fax: +44 16973 61173
Mobile: +44 411 125307
"Never be afraid to try something new. Remember, amateurs built the Ark;
professionals built the Titanic."
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
