On Fri, Sep 01, 2000, Lars Steinke wrote:
> the problem with the bad mac decode error message I posted here earlier
> seems to be connected with the broken SSL implementation in Netscape
> Enterprise Server 3.5. As there was no resonance at all, I had to switch
> to SSL Proxy from http://www.obdev.at/Products/sslproxy.html which
> features the possibility of enabling some sort of compatibility mode in
> OpenSSL that gets rid of the bad mac decode message.
>
> As there seems to be no mention of this in the mod_ssl documentation my
> simple question now is: How to enable the OpenSSL compatibility mode for
> NS Enterprise Server 3.5 in mod_ssl (no, +SSLv2 does not seem to do the
> trick...) ?
What you're speaking about is sslproxy's -C option which
internally does:
SSL_CTX_set_options(sslContext, SSL_OP_ALL);
But mod_ssl actually does the same (see ssl_engine_init.c). So I'm surprised
that OpenSSL should behave differently with sslproxy. Can you give more
details on how you actually run sslproxy?
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]