> 
> 
> When I go to the url https://localhost
> using netscape on the same box running
> apache and mod_ssl, SSL appears to 
> work fine.
> 
> But when I come in from a box other than 
> the box running apache and mod_ssl, I get 
> Page cannot be displayed.
> 
> I have apache 1.3.20 RedHat, OpenSSL 
> version 0.9.6b, on redhat version 2.4.7-10.
> 
> Is this because of the Servername ?  I am at
> a loss and cannot find the solution in the
> mod_ssl documentation.  Is there a set of 
> tests to help ferret out this problem ?

same (or similar) problem here.

i've just installed these on a solaris 8 x86 box:

 - apache 1.3.23
 - mod_ssl 2.8.7-1.3.23
 - openssl 0.9.6c
 - fake certificate for testing using the snakeoil CA


i can connect using openssl and curl, but netscape and mozilla from linux
and IE 5.x from win98 are failing.  all 3 clients can connect to other SSL
sites without problem up to 128-bit.


i've turned up the log level and see the following for the failed connections.

 [28/Feb/2002 09:57:43 11626] [info]  Connection to child 5 established (server dev.topbox.net:443, client 68.65.62.5)
 [28/Feb/2002 09:57:43 11626] [info]  Seeding PRNG with 255 bytes of entropy
 [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Handshake: start
 [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Loop: before/accept initialization
 [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Write: SSLv3 read client hello B
 [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
 [28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
 [28/Feb/2002 09:57:43 11626] [error] SSL handshake failed (server dev.topbox.net:443, client 68.65.62.5) (OpenSSL library error follows)
 [28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)


this is a connection using 'curl -v https://dev.topbox.net/':

 [28/Feb/2002 10:01:21 11619] [info]  Connection to child 0 established (server dev.topbox.net:443, client 68.65.62.5)
 [28/Feb/2002 10:01:21 11619] [info]  Seeding PRNG with 255 bytes of entropy
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: start
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: before/accept initialization
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client hello A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server hello A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write certificate A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write key exchange A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server done A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read finished A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write finished A
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data
 [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache (DBM) Expiry: old: 3, new: 1, removed: 2
 [28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache: request=SET status=OK id=50E1590207BA3AD79ABFF90030434FB8E8DF0F684802105EF43DCABCA4454C36 timeout=300s (session caching)
 [28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done
 [28/Feb/2002 10:01:21 11619] [info]  Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits)
 [28/Feb/2002 10:01:22 11619] [info]  Initial (No.1) HTTPS request received for child 0 (server dev.topbox.net:443)
 [28/Feb/2002 10:01:22 11619] [trace] OpenSSL: Write: SSL negotiation finished successfully
 [28/Feb/2002 10:01:22 11619] [info]  Connection to child 0 closed with standard shutdown (server dev.topbox.net:443, client 68.65.62.5)


here's the startup info for apache+mod_ssl:

 [28/Feb/2002 10:02:23 11505] [info]  Init: 5nd restart round (already detached)
 [28/Feb/2002 10:02:23 11505] [info]  Init: Reinitializing OpenSSL library
 [28/Feb/2002 10:02:23 11505] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
 [28/Feb/2002 10:02:23 11505] [info]  Init: Seeding PRNG with 255 bytes of entropy
 [28/Feb/2002 10:02:23 11505] [info]  Init: Configuring temporary RSA private keys (512/1024 bits)
 [28/Feb/2002 10:02:23 11505] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
 [28/Feb/2002 10:02:23 11505] [info]  Init: Initializing (virtual) servers for SSL
 [28/Feb/2002 10:02:23 11505] [info]  Init: Configuring server dev.topbox.net:443 for SSL protocol
 [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
 [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
 [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server certificate
 [28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server private key


i can turn loglevel up to debug if anyone thinks the extra output would be
useful, but the logged results don't mean anything to me. :)

-brad
-- 
Brad Burdick      | [EMAIL PROTECTED]
http://media.org/ | The medium is NOT the message
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
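
Added example, not part of the original post or of mod_ssl: a Python script that groups mod_ssl log lines like the ones above by child PID, records the last handshake state, and unpacks the numeric OpenSSL error code into its lib/func/reason fields. The sample lines are trimmed from the logs in the post; the name table is an assumption taken from the OpenSSL 0.9.6-era ssl.h/err.h constants, and the function names are hypothetical.

```python
import re

# Log excerpts trimmed from the post above (wrapped lines rejoined).
SAMPLE_LOG = """\
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Handshake: start
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
[28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: start
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write finished A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done
[28/Feb/2002 10:01:21 11619] [info]  Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits)
[28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server certificate
"""

LINE = re.compile(r"\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\]\s+(?P<msg>.*)")
# (lib, func, reason) name tables; assumption: values from OpenSSL 0.9.6-era headers.
NAMES = ({20: "SSL routines"}, {138: "SSL3_GET_CLIENT_HELLO"}, {193: "no shared cipher"})

def decode_error(code_hex):
    """Split a packed OpenSSL 0.9.x error code into (lib, func, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def summarize(log_text):
    """Group log lines by child pid and report how each handshake ended."""
    conns, cert_types = {}, set()
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        c = conns.setdefault(pid, {"state": None, "ok": False, "error": None, "cipher": None})
        if (s := re.match(r"OpenSSL: (?:Loop|Exit|Write): (.*)", msg)):
            c["state"] = s[1]          # last handshake state seen for this child
        elif msg == "OpenSSL: Handshake: done":
            c["ok"] = True
        elif (e := re.match(r"OpenSSL: error:([0-9A-Fa-f]{8}):", msg)):
            c["error"] = tuple(n.get(v, v) for n, v in zip(NAMES, decode_error(e[1])))
        elif (k := re.search(r"Cipher: (\S+)", msg)):
            c["cipher"] = k[1]
        elif (t := re.search(r"Configuring (\w+) server certificate", msg)):
            cert_types.add(t[1])       # key type of each configured server certificate
    handshakes = {p: c for p, c in conns.items() if c["state"] or c["ok"]}
    return handshakes, cert_types

if __name__ == "__main__":
    for pid, info in summarize(SAMPLE_LOG)[0].items():
        print(pid, info)
```

On the lines from the post this reports `no shared cipher` in `SSL3_GET_CLIENT_HELLO` for the failed connection, while the successful curl connection negotiated a DSS suite against the server's DSA certificate.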
