Hello, I compiled apache-1.3.2+mod_ssl-2.8.6+php-4.1.1 sucessfully on RH 7.2 Linux.
I created certificates, modified httpd.conf for my needs and started apache with ssl option. Things seemed to be working fine - even tested with lynx browser to see wheather https://localhost gives a connection - and it did! But when tested with M$ IE 5.0 (with high encryption patch that allows 128 bit chipher), I constantly ran into "page cannot be displayed" - eventhough I modified httpd.conf's SSL section several times as suggested here before. (if IE setenv xxx and, SSL -v3, session cache things) Any time - lynx displays the page and IE doesn't. Here are two samples from my ssl_engine_log. First one with lynx browser, second one with my troublesome IE. (also included server startup lines to ensure that server is running smoothly) server startup: ----------------- 06/Feb/2002 10:29:06 09923] [info] Init: Configuring server emedia.se:443 for SSL protocol [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1) [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP] [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server certificate [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring RSA server private key [06/Feb/2002 10:29:06 09923] [trace] Init: (emedia.se:443) Configuring server certificate chain (1 CA certificate) ------------- Lynx browser: ---------------- [06/Feb/2002 10:29:41 09924] [info] Connection to child 0 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:29:41 09924] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write key exchange A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:29:41 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:29:42 09924] [trace] Inter-Process Session Cache: request=SET status=OK id=6ACADD8B778A6BFFDF0E22CCC0023F4B080C297422FA989923FC36348E3FFD83 timeout=599s (session caching) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:29:42 09924] [info] Connection: Client IP: 212.107.xx.xx, Protocol: TLSv1, Cipher: EDH-RSA-DES-CBC3-SHA (168/168 bits) [06/Feb/2002 10:29:42 09924] [info] Initial (No.1) HTTPS request received for child 0 (server emedia.se:443) [06/Feb/2002 10:29:42 09924] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:29:42 09924] [info] Connection to child 0 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) -------------- Now with IE --------------- Connection to child 1 established (server emedia.se:443, client 212.107.xx.xx) [06/Feb/2002 10:32:37 09925] [info] Seeding PRNG with 23177 bytes of entropy [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: start [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: before/accept initialization [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server hello A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write certificate A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write server done A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read client key exchange A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 read finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 write finished A [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Loop: SSLv3 flush data [06/Feb/2002 10:32:37 09925] [trace] Inter-Process Session Cache: request=SET st atus=OK id=C52B666B384B0E4DD7F0BDB6D6F8E8118E3AA5748DF993A553C4CC4E2FB86606 timeout=600s (session caching) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Handshake: done [06/Feb/2002 10:32:37 09925] [info] Connection: Client IP: 212.107.xx.xx, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits) [06/Feb/2002 10:32:37 09925] [trace] OpenSSL: Write: SSL negotiation finished successfully [06/Feb/2002 10:32:37 09925] [info] Connection to child 1 closed with standard shutdown (server emedia.se:443, client 212.107.xx.xx) ---------- Best regards, Thomas. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
