SSL aware server not encrypting

Sun, 16 Mar 2003 15:49:39 -0800

    I 've had this problem for a while, i have two servers, Only one is publiccly visible at any one time,  when the first goes down i (should be) enable the second one on our firewall by changeing the nat.  BUT on the second server apache never seems to negoiate a secure connection!
 
by this i mean "https" will not work, but http://....:443 will work.
 
Both servers have an identical build and config structure.
 
For you help i have include the ssl log level (debug)
 
[17/Mar/2003 10:32:25 01224] [info]  Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:25 01224] [warn]  You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:25 01224] [info]  Init: 1st startup round (still not detached)
[17/Mar/2003 10:32:25 01224] [info]  Init: Initializing OpenSSL library
[17/Mar/2003 10:32:25 01224] [info]  Init: Loading certificate & private key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:25 01224] [trace] Init: (mytest.com.au:443) unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:25 01224] [info]  Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:25 01224] [info]  Init: Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:25 01224] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info]  Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring server mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info]  Init: (mytest.com.au:443) RSA server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 10:32:26 01224] [info]  Init: 2nd startup round (already detached)
[17/Mar/2003 10:32:26 01224] [info]  Init: Reinitializing OpenSSL library
[17/Mar/2003 10:32:26 01224] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:26 01224] [info]  Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:26 01224] [info]  Init: Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:26 01224] [info]  Init: Configuring server mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring client authentication
[17/Mar/2003 10:32:26 01224] [trace] CA certificate: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server certificate
[17/Mar/2003 10:32:26 01224] [info]  Init: (mytest.com.au:443) RSA server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:26 01224] [trace] Init: (mytest.com.au:443) Configuring RSA server private key
[17/Mar/2003 10:32:27 00912] [info]  Server: Apache/1.3.26, Interface: mod_ssl/2.8.10, Library: OpenSSL/0.9.6d
[17/Mar/2003 10:32:27 00912] [warn]  You are using mod_ssl under Win32. This combination is *NOT* officially supported. Use it at your own risk!
[17/Mar/2003 10:32:27 00912] [info]  Init: 1st startup round (still not detached)
[17/Mar/2003 10:32:27 00912] [info]  Init: Initializing OpenSSL library
[17/Mar/2003 10:32:27 00912] [info]  Init: Loading certificate & private key of SSL-aware server mytest.com.au:443
[17/Mar/2003 10:32:27 00912] [trace] Init: (mytest.com.au:443) unencrypted RSA private key - pass phrase not required
[17/Mar/2003 10:32:27 00912] [info]  Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:27 00912] [info]  Init: Generating temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [trace] Inter-Process Session Cache (DBM) Expiry: old: 0, new: 0, removed: 0
[17/Mar/2003 10:32:28 00912] [info]  Init: Seeding PRNG with 136 bytes of entropy
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary RSA private keys (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring temporary DH parameters (512/1024 bits)
[17/Mar/2003 10:32:28 00912] [info]  Init: Initializing (virtual) servers for SSL
[17/Mar/2003 10:32:28 00912] [info]  Init: Configuring server mytest.com.au:443 for SSL protocol
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Creating new SSL context (protocols: SSLv2)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring permitted SSL ciphers [!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring client authentication
[17/Mar/2003 10:32:28 00912] [trace] CA certificate: /O=VeriSign Trust Network/OU=VeriSign, Inc./OU=VeriSign International Server CA - Class 3/OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring RSA server certificate
[17/Mar/2003 10:32:28 00912] [info]  Init: (mytest.com.au:443) RSA server certificate enables Server Gated Cryptography (SGC)
[17/Mar/2003 10:32:28 00912] [trace] Init: (mytest.com.au:443) Configuring RSA server private key
 
 
 
 
Regards,
 
Vince

Reply via email to