Hi All,
*Apologies to readers of Openssl who received this when I placed it on the wrong
mailing list :(
I am having problems with users connecting to my secure web server
(Apache/1.3.12 mod_ssl/2.6.6 OpenSSL/0.9.5a) running on 64bit HPUX 11.00.
The build install went fine, and has been running for a while (pre and post
modssl update.)
I have the age-old issue of users getting prompted for client certs more or less
constantly - I am still hunting information, but I wont bore you with that for
now :)
What I have found that is interesting is something in my logs when tracking down
this issue:
Client is a.b.c.d (IE 5.00.3105.010600 SP1 - 128 bit)
I am forced to hide the IP's to protect the innocent.
[21/Sep/2000:14:14:39 +1000] a.b.c.d TLSv1 RC4-MD5 "GET
/a04hih/out/a04tst01_20000904_16.38.35_trpr04_file1.pdf HTTP/1.1" 2471
[21/Sep/2000:13:54:33 +1000] a.b.c.d TLSv1 RC4-MD5 "GET / HTTP/1.1" 0
[21/Sep/2000 13:52:06 01605] [error] SSL handshake failed (server myserver:443,
client a.b.c.d) (OpenSSL library error follows)
[21/Sep/2000 13:52:06 01605] [error] OpenSSL: error:1408B074:SSL
routines:SSL3_GET_CLIENT_KEY_EXCHANGE:bad protocol version numbe
However, in the 'Internet Options' in MSIE, the user has ONLY SSLv2 and SSLv3
selected.
TLS is _deselected_
So why is a TLS connection formed ?
Any Suggestions?
***************************************************************************
This message and any attachments is/are intended for the person/s to whom
it was addressed. It may contain privileged or confidential information.
If you have received this message in error, please notify the sender
promptly and destroy the message without copying it or divulging its
contents to any person.
***************************************************************************
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
