I'm not really sure what to do or what exactly I am expecting using s_server but here are the results from my server.
]# openssl s_server -accept 4443 -www \ -cert /usr/local/apache/conf/ssl.crt/www.cert.crt \ -key /usr/local/apache/conf/ssl.key/www.cert.key \ -state -debug Using default temp DH parameters ACCEPT it waits for input, but no matter what I enter it just hangs. I have looked through the man page but I haven't found an example of how this is used so I don't quite get it. What should I look for? >>To date, I haven't found a machine that is afflicted with the problem that I can do this with :( What's your URL? I will look at your page and see if it works with my broken MSIE browser. At 10:51 AM 1/18/02 -0700, you wrote: >Run this command line and try to connect to it. >openssl s_server -accept 4443 -www -cert pathtocert -key pathtokey -state > >1) Make sure to change "pathtocert" and "pathtokey" to the appropriate >values, and for additional debug info add -debug... >2) Try to make sure you are using the same openssl that you compiled >apache with > >It simply creates a weblike version of SSL on port 4433 WITHOUT apache >that will print some debug info to the client.... feel free >to "man s_server" to get info about the program > >At least this way, you will be able to find out if the problem is with >SSL, or if it with (mod_ssl+apache) > >PS... please let me know as I am confronted with the EXACT problem you >have, and have been for 3 years... even after a full Linux >redhat upgrade to 7.2 (complete reformat, re-install) > >To date, I haven't found a machine that is afflicted with the problem that >I can do this with :( > >----- Original Message ----- >From: "Christopher Taranto" <[EMAIL PROTECTED]> >To: <[EMAIL PROTECTED]> >Sent: Thursday, January 17, 2002 11:10 PM >Subject: RE: MSIE + "The page cannot be displayed" error > > > > Hi, > > > > I have been trying to fix the known MSIE browser issues in my configuration > > with some issues still occuring. > > > > I have read the FAQ, searched the archives, and implemented the solutions > > that have been documented - but I am still getting the dreaded "The page > > cannot be displayed" error when certain MSIE browsers attempt to connect to > > my site. I get the infamous log entry: > > > > [Fri Jan 18 00:55:53 2002] [error] mod_ssl: SSL handshake interrupted by > > system [Hint: Stop button pressed in browser?!] (System error follows) > > [Fri Jan 18 00:55:53 2002] [error] System: Connection reset by peer > > (errno: 104) > > > > Fortunately (for my sanity), I have one of non-working versions of the MSIE > > browsers (5.00.2614.3500) on one of the machines in my office so I can > > repeatedly create the errors. > > > > I am determined to squash this thing but I do not know where to go next. > > > > I have included the following information below: > > > > * SYSTEM INFORMATION > > * CONFIGURATION INFORMATION > > * BROWSER VERSION INFORMATION > > * CERTIFICATE STATISTICS FROM THE BROWSER > > > > Any help or further direction would be greatly appreciated! > > > > Sincerely, > > > > Christopher Taranto > > > > > > SYSTEM INFORMATION: > > =================== > > > > I am running Red Hat 6.2 on a Pentinum III using: > > > > * mod_ssl-2.8.5-1.3.22 > > * openssl-0.9.6b > > * mm-1.1.3 > > > > > > CONFIGURATION INFORMATION: > > ========================== > > > > <IfModule mod_ssl.c> > > > > AddType application/x-x509-ca-cert .crt > > AddType application/x-pkcs7-crl .crl > > > > SSLPassPhraseDialog builtin > > > > # I have also tried dbm but there was no difference > > SSLSessionCache > > shm:/usr/local/apache/logs/ssl_gcache_data(512000) > > SSLSessionCacheTimeout 300 > > > > SSLMutex file:logs/ssl_mutex > > > > SSLRandomSeed startup builtin > > SSLRandomSeed connect builtin > > > > SSLLog logs/ssl_engine_log > > SSLLogLevel info > > > > </IfModule> > > > > <VirtualHost> > > > > <snip> > > > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > > > BrowserMatch "MSIE [1-4]" nokeepalive \ > > ssl-unclean-shutdown \ > > downgrade-1.0 \ > > force-response-1.0 > > > > BrowserMatch "MSIE [5-9]" ssl-unclean-shutdown > > > > BrowserMatch "Mozilla/4..*PC)" nokeepalive \ > > downgrade-1.0 \ > > force-response-1.0 > > > > </snip> > > > > </VirtualHost> > > > > > > BROWSER VERSION INFORMATION > > =================================== > > > > MSIE 5.00.2614.3500 > > Cipher Strength: 40-bit > > > > > > CERTIFICATE STATS FROM THE BROWSER > > =================================== > > > > My certificate was generated using 1024 bits. > > > > Version: V3 > > Serial Number: 5A55 3FAD EB43 6649 7F8B 39BB 1D33 6DE1 > > Signature Algorithm: md5RSA > > Public Key: 3081 8902 8181 00BD D63A 500D 0FE0 CCA2 E7BB 804B 53DA E4CE > > 9F51 3D54 93A3 5D2E FC0E E3E2 7046 1EFF 6826 BB30 B8DC 4903 9A32 345F E769 > > 31D7 D313 6ECD 62BD 2CBE C070 AFD5 C1C8 9920 7442 5E44 2AED 7878 A566 DD3A > > 3445 0612 919A 0B74 2F6A E806 080F C7E7 9C68 7FAC 51D3 4EA9 0BC3 ABAF 27D2 > > 2C95 0A09 CD12 61B3 4DF2 0A88 1379 7552 5B1C D4CE 9F02 0301 0001 > > Basic Constraints: Subject Type=End Entity > > Path Length Constraint=None > > Key Usage: Digital Signature, Key Encipherment(A0) > > > > [1]CRL Distribution Point > > Distribution Point Name: > > Full Name: > > URL=http://crl.verisign.com/RSASecureServer.crl > > > > [1]Certificate Policy: > > PolicyIdentifier=2.16.840.1.113733.1.7.1.1 > > [1,1]Policy Qualifier Info: > > Policy Qualifier Id=1.3.6.1.5.5.7.2.1 > > Qualifier=161C 6874 7470 733A 2F2F 7777 772E 7665 7269 7369 676E > > 2E63 6F6D 2F43 5053 > > [1,2]Policy Qualifier Info: > > Policy Qualifier Id=1.3.6.1.5.5.7.2.2 > > Qualifier=3056 3015 160E 5665 7269 5369 676E 2C20 496E 632E 3003 > > 0201 011A 3D56 6572 6953 6967 6E27 7320 4350 5320 696E 636F 7270 2E20 6279 > > 2072 6566 6572 656E 6365 206C 6961 622E 206C 7464 2E20 2863 2939 3720 5665 > > 7269 5369 676E > > > > Server Authentication(1.3.6.1.5.5.7.3.1) > > Client Authentication(1.3.6.1.5.5.7.3.2) > > > > 2.16.840.1.113733.1.6.15: > > 16 09 39 32 36 30 32 32 ..926022 > > 34 32 37 427 > > > > Authority Information Access: [1]Authority Info Access > > AccessMethod=On-line Certificate Status Protocol(1.3.6.1.5.5.7.48.1) > > Alternative Name: > > URL=http://ocsp.verisign.com > > > > Thumbprint Algorithm: sha1 > > Thumbprint: CC1C DD7D BE05 C813 F119 813B 86E6 5717 5583 F981 > > > > > > > > > > > > > > > > ______________________________________________________________________ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]