On Sat, Nov 24, 2007 at 11:56:49PM -0500, Bob Johnson wrote:
> >>> SSL 2.0 [length 007a], CLIENT-HELLO
>     01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00
>     00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
>     33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
>     00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00
>     00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00
>     06 04 00 80 00 00 03 02 00 80 37 bf 69 76 53 ce
>     0a d5 8c d5 78 8e 94 73 05 84 d7 13 d6 2a fe 77
>     b8 8b be b0 dc e2 72 5f 4f d3
> SSL_connect:SSLv2/v3 write client hello A
> read from 0x80bb680 [0x80c1260] (7 bytes => 4 (0x4))
> 0000 - 68 69 55 53                                       hiUS
> read from 0x80bb680 [0x80c1264] (3 bytes => 0 (0x0))
> 15772:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
> failure:s23_lib.c:188:
> 
What version of openssl are you using?
Try adding the following line to that failing vhost:

SSLCipherSuite ALL:!SSLv2

(You probably want to tune it more later if you care about the security, 
but the important thing here is to get rid of SSLv2)
To see which ciphers this opens up, run openssl ciphers -v 'ALL:!SSLv2'

vh

Mads Toftum
-- 
http://soulfood.dk
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            [EMAIL PROTECTED]
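The CLIENT-HELLO quoted above can be decoded to see what the client actually offered. The following is an added example, not part of the original mail or of mod_ssl/OpenSSL; the function names are hypothetical. It splits the offered cipher specs into SSLv2-only cipher kinds and SSLv3/TLS suite codes.

```python
# Constructed input: the 122 CLIENT-HELLO body bytes copied from the quoted dump.
DUMP = """
01 03 01 00 51 00 00 00 20 00 00 39 00 00 38 00
00 35 00 00 16 00 00 13 00 00 0a 07 00 c0 00 00
33 00 00 32 00 00 2f 00 00 07 05 00 80 03 00 80
00 00 05 00 00 04 01 00 80 00 00 15 00 00 12 00
00 09 06 00 40 00 00 14 00 00 11 00 00 08 00 00
06 04 00 80 00 00 03 02 00 80 37 bf 69 76 53 ce
0a d5 8c d5 78 8e 94 73 05 84 d7 13 d6 2a fe 77
b8 8b be b0 dc e2 72 5f 4f d3
"""


def parse_v2_client_hello(body: bytes) -> dict:
    """Parse an SSLv2-format CLIENT-HELLO body (2-byte record header excluded)."""
    if len(body) < 9 or body[0] != 0x01:
        raise ValueError("not an SSLv2-format CLIENT-HELLO")
    # Three big-endian 16-bit lengths follow the message type and version.
    spec_len, sid_len, chal_len = (
        int.from_bytes(body[i:i + 2], "big") for i in (3, 5, 7)
    )
    if spec_len % 3 or 9 + spec_len + sid_len + chal_len != len(body):
        raise ValueError("length fields do not add up to the body size")
    specs = [body[i:i + 3] for i in range(9, 9 + spec_len, 3)]
    return {
        "version": (body[1], body[2]),  # highest version offered; (3, 1) is TLS 1.0
        # SSLv2 cipher kinds have a non-zero first byte.
        "sslv2_specs": [s.hex() for s in specs if s[0] != 0],
        # SSLv3/TLS suites are carried as 00 followed by the 2-byte suite code.
        "v3_suites": [s[1:].hex() for s in specs if s[0] == 0],
        "session_id": body[9 + spec_len:9 + spec_len + sid_len],
        "challenge": body[9 + spec_len + sid_len:],
    }


def hello_from_dump(dump: str = DUMP) -> dict:
    """Turn the whitespace-separated hex dump into bytes and parse it."""
    return parse_v2_client_hello(bytes.fromhex("".join(dump.split())))


if __name__ == "__main__":
    hello = hello_from_dump()
    print("offered version: %d.%d" % hello["version"])
    print("SSLv2-only cipher kinds:", hello["sslv2_specs"])
    print("SSLv3/TLS suite codes:", hello["v3_suites"])
```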
