Thanks.
Is there a way to force apache/modssl to use ssl2 or ssl3 in a
reverse proxy situation?
Charles.
OpenSSL> s_client -connect website.ora.com:443 -ssl2
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Sebastopol/O=O'Reilly and
Associates/OU=Software/CN=website.ora.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Sebastopol/O=O'Reilly and
Associates/OU=Software/CN=website.ora.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Server certificate
.... etc ....
OpenSSL> s_client -connect website.ora.com:443 -ssl3
CONNECTED(00000003)
depth=0 /C=US/ST=California/L=Sebastopol/O=O'Reilly and
Associates/OU=Software/CN=website.ora.com
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=Sebastopol/O=O'Reilly and
Associates/OU=Software/CN=website.ora.com
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
0 s:/C=US/ST=California/L=Sebastopol/O=O'Reilly and
Associates/OU=Software/CN=website.ora.com
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification
Authority
---
Server certificate
.... etc ....
On Wed, 30 Jun 1999, Thomas Reinke wrote:
> Date: Wed, 30 Jun 1999 23:46:34 -0400
> From: Thomas Reinke <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Subject: Re: openssl and WebSite
>
> This site uses Web Site Pro and doesn't seem to like auto detecting
> the version of SSL in use.
>
> So, try
> s_client -connect website.ora.com:443 -ssl2
> or
> s_client -connect website.ora.com:443 -ssl3
>
> The URL site (shameless plug?) http://www.e-softinc.com/probe/probe.html
> will let you query a server using SSLeay and make sure that it
> talks properly. It does this by issuing the above sequence of
> commands (and adds -tls1 as a third attempt) to try to talk
> to the server.
>
> Thomas
>
> Charles Arsenault wrote:
> >
> > If anybody has a clue, please let me know.
> >
> > I am getting an error when trying to connect to any WebSite server using
> > openssl:
> >
> > ---------------------------------------------------------------------------
> >
> > OpenSSL> s_client -debug -connect website.ora.com:443
> > CONNECTED(00000003)
> > write to 081015C0 [08138000] (109 bytes => 109 (0x6D))
> > 0000 - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .k....B... .....
> > 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 ................
> > 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 ................
> > 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 .......@........
> > 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 bb 2e 29 ...............)
> > 0050 - 5f 15 6a fe e0 10 d5 ea-dd 1f b4 7e c5 70 a9 5e _.j........~.p.^
> > 0060 - 85 a4 b0 f5 e9 17 79 d3-64 84 d5 2d c3 ......y.d..-.
> > read from 081015C0 [0813E000] (7 bytes => -1 (0xFFFFFFFF))
> > write:errno=54
> >
> > ---------------------------------------------------------------------------
> >
> > This does work with Apache:
> >
> > ---------------------------------------------------------------------------
> >
> > OpenSSL> s_client -debug -connect www.openssl.org:443
> > CONNECTED(00000003)
> > write to 081015C0 [08138000] (109 bytes => 109 (0x6D))
> > 0000 - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .k....B... .....
> > 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 ................
> > 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 ................
> > 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 .......@........
> > 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 34 6d 8a .............4m.
> > 0050 - e6 7a bb 29 15 e5 0f 1d-82 d8 c0 ee fa 67 8f 6e .z.).........g.n
> > 0060 - 56 5b 17 75 63 57 df 3e-fc f9 33 70 db V[.ucW.>..3p.
> > read from 081015C0 [0813E000] (7 bytes => 7 (0x7))
> > 0000 - 16 03 01 00 4a 02 ....J.
> > 0007 - <SPACES/NULS>
> > ....etc ....
> >
> > ---------------------------------------------------------------------------
> >
> > and IIS:
> >
> > ---------------------------------------------------------------------------
> >
> > OpenSSL> s_client -debug -connect www.microsoft.com:443
> > CONNECTED(00000003)
> > write to 081015C0 [08138000] (109 bytes => 109 (0x6D))
> > 0000 - 80 6b 01 03 01 00 42 00-00 00 20 00 00 16 00 00 .k....B... .....
> > 0010 - 13 00 00 0a 00 00 07 00-00 05 00 00 04 00 00 15 ................
> > 0020 - 00 00 12 00 00 09 07 00-c0 05 00 80 03 00 80 01 ................
> > 0030 - 00 80 08 00 80 06 00 40-00 00 14 00 00 11 00 00 .......@........
> > 0040 - 08 00 00 06 00 00 03 04-00 80 02 00 80 01 9e 2a ...............*
> > 0050 - 2b 38 3c 0e 45 65 d2 43-c5 17 69 c4 e8 d5 31 86 +8<.Ee.C..i...1.
> > 0060 - 7b b6 cd 5f dc 3c 1c 1b-25 c8 24 b1 61 {.._.<..%.$.a
> > read from 081015C0 [0813E000] (7 bytes => 7 (0x7))
> > 0000 - 16 03 01 02 64 02 ....d.
> > 0007 - <SPACES/NULS>
> > .... etc ....
> >
> > ---------------------------------------------------------------------------
> >
> > --
> > Charles Arsenault <[EMAIL PROTECTED]>
> > Internet Security Administrator
> > Tel: +1-514-868-7813
> > Fax: +1-514-868-8357
> >
> > ______________________________________________________________________
> > OpenSSL Project http://www.openssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
>
> --
> ------------------------------------------------------------
> Thomas Reinke Tel: (416) 460-7021
> Director of Technology Fax: (416) 598-2319
> E-Soft Inc. http://www.e-softinc.com
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
--
Charles Arsenault <[EMAIL PROTECTED]>
Internet Security Administrator
Tel: +1-514-868-7813
Fax: +1-514-868-8357
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]