I have a web-site supporting HTTPS.
Everything is OK interfacing web browsers like IE.
Lately I needed to interface with a Java client, full connection can not be establish.
In order to debug I used:
openssl s_server -cipher 'ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL' -cert /etc/httpd/conf/ssl.crt/server.crt -key /etc/httpd/conf/ssl.key/server.key -accept 443 -debug -state -HTTP
where the indicated cipher is the exact ciphersuit I have in the web server, and cert and key are the same a the ones used in my web server.
Using the openssl in debug, Java client receives the response.
I am trying to understand the difference in web server behavior and openssl in debug mode behavior. Why when in debug, everything goes well, while in web server mode, it fails?
my server conf:
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/tranzit_ssl_request_log clfa
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+SSLv2:-EXP:+eNULL
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/tranzit_ssl_request_log clfa
Hope there is someone that can help.
Jacob
Everyone is raving about the all-new Yahoo! Mail beta.
