> When I go to the url https://localhost
> using netscape on the same box running
> apache and mod_ssl, SSL appears to
> work fine.
>
> But when I come in from a box other than
> the box running apache and mod_ssl, I get
> Page cannot be displayed.
>
> I have apache 1.3.20 RedHat, OpenSSL
> version 0.9.6b, on redhat version 2.4.7-10.
>
> Is this because of the Servername ? I am at
> a loss and cannot find the solution in the
> mod_ssl documentation. Is there a set of
> tests to help ferret out this problem ?

same (or similar) problem here. i've just installed these on a solaris 8 x86 box:

- apache 1.3.23
- mod_ssl 2.8.7-1.3.23
- openssl 0.9.6c
- fake certificate for testing using the snakeoil CA

i can connect using openssl and curl, but netscape and mozilla from linux and IE 5.x from win98 are failing. all 3 clients can connect to other SSL sites without problem up to 128-bit.

i've turned up the log level and see the following for the failed connections.

[28/Feb/2002 09:57:43 11626] [info] Connection to child 5 established (server dev.topbox.net:443, client 68.65.62.5)
[28/Feb/2002 09:57:43 11626] [info] Seeding PRNG with 255 bytes of entropy
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Handshake: start
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Loop: before/accept initialization
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Write: SSLv3 read client hello B
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
[28/Feb/2002 09:57:43 11626] [error] SSL handshake failed (server dev.topbox.net:443, client 68.65.62.5) (OpenSSL library error follows)
[28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)

this is a connection using 'curl -v https://dev.topbox.net/':

[28/Feb/2002 10:01:21 11619] [info] Connection to child 0 established (server dev.topbox.net:443, client 68.65.62.5)
[28/Feb/2002 10:01:21 11619] [info] Seeding PRNG with 255 bytes of entropy
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: start
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: before/accept initialization
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client hello A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server hello A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write certificate A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write server done A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 read finished A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 write finished A
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Loop: SSLv3 flush data
[28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache (DBM) Expiry: old: 3, new: 1, removed: 2
[28/Feb/2002 10:01:21 11619] [trace] Inter-Process Session Cache: request=SET status=OK id=50E1590207BA3AD79ABFF90030434FB8E8DF0F684802105EF43DCABCA4454C36 timeout=300s (session caching)
[28/Feb/2002 10:01:21 11619] [trace] OpenSSL: Handshake: done
[28/Feb/2002 10:01:21 11619] [info] Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits)
[28/Feb/2002 10:01:22 11619] [info] Initial (No.1) HTTPS request received for child 0 (server dev.topbox.net:443)
[28/Feb/2002 10:01:22 11619] [trace] OpenSSL: Write: SSL negotiation finished successfully
[28/Feb/2002 10:01:22 11619] [info] Connection to child 0 closed with standard shutdown (server dev.topbox.net:443, client 68.65.62.5)

here's the startup info for apache+mod_ssl:

[28/Feb/2002 10:02:23 11505] [info] Init: 5nd restart round (already detached)
[28/Feb/2002 10:02:23 11505] [info] Init: Reinitializing OpenSSL library
[28/Feb/2002 10:02:23 11505] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[28/Feb/2002 10:02:23 11505] [info] Init: Seeding PRNG with 255 bytes of entropy
[28/Feb/2002 10:02:23 11505] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[28/Feb/2002 10:02:23 11505] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[28/Feb/2002 10:02:23 11505] [info] Init: Initializing (virtual) servers for SSL
[28/Feb/2002 10:02:23 11505] [info] Init: Configuring server dev.topbox.net:443 for SSL protocol
[28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring permitted SSL ciphers [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server certificate
[28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server private key

i can turn loglevel up to debug if anyone thinks the extra output would be useful, but the logged results don't mean anything to me. :)

-brad

--
Brad Burdick       | [EMAIL PROTECTED]
http://media.org/  | The medium is NOT the message

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]
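
Added example, not part of the original post or of mod_ssl: a small Python triage script that decodes the packed OpenSSL error code from the failed handshake above and correlates it with the certificate type and negotiated cipher that the same log reports. The function names `decode_error` and `summarize` are hypothetical, the sample lines are copied from the post, and the hint it prints is an inference from those three log facts rather than a confirmed diagnosis.

```python
import re

# Constructed sample: five lines copied from the log excerpts in the post above.
SAMPLE_LOG = """\
[28/Feb/2002 10:02:23 11505] [trace] Init: (dev.topbox.net:443) Configuring DSA server certificate
[28/Feb/2002 09:57:43 11626] [trace] OpenSSL: Exit: error in SSLv3 read client hello B
[28/Feb/2002 09:57:43 11626] [error] SSL handshake failed (server dev.topbox.net:443, client 68.65.62.5) (OpenSSL library error follows)
[28/Feb/2002 09:57:43 11626] [error] OpenSSL: error:1408A0C1:lib(20):func(138):reason(193)
[28/Feb/2002 10:01:21 11619] [info] Connection: Client IP: 68.65.62.5, Protocol: TLSv1, Cipher: EDH-DSS-DES-CBC3-SHA (168/168 bits)
"""

# Names from OpenSSL's err.h / ssl.h for the numeric values seen in this log.
LIBS = {20: "SSL routines"}
FUNCS = {138: "SSL3_GET_CLIENT_HELLO"}
REASONS = {193: "no shared cipher"}

ERR_RE = re.compile(r"\[error\] OpenSSL: error:([0-9A-Fa-f]{8}):")
CERT_RE = re.compile(r"Configuring (RSA|DSA) server certificate")
CIPHER_RE = re.compile(r"Protocol: (\S+), Cipher: (\S+)")

def decode_error(hex_code):
    """Unpack an OpenSSL 0.9.x error code: 8 bits lib, 12 bits func, 12 bits reason."""
    code = int(hex_code, 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    text = "%s:%s:%s" % (LIBS.get(lib, "lib(%d)" % lib),
                         FUNCS.get(func, "func(%d)" % func),
                         REASONS.get(reason, "reason(%d)" % reason))
    return {"lib": lib, "func": func, "reason": reason, "text": text}

def summarize(log_text):
    """Collect cert types, decoded errors and negotiated ciphers, plus a triage hint."""
    certs = set(CERT_RE.findall(log_text))
    errors = [decode_error(c) for c in ERR_RE.findall(log_text)]
    ciphers = [cipher for _proto, cipher in CIPHER_RE.findall(log_text)]
    hints = []
    if any(e["reason"] == 193 for e in errors) and certs == {"DSA"}:
        hints.append("Only a DSA certificate is loaded, so only DSS cipher suites "
                     "can be negotiated; check that the failing clients offer one, "
                     "or configure an RSA certificate as well.")
    return {"certs": sorted(certs), "errors": errors, "ciphers": ciphers, "hints": hints}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```
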