On Thu, Feb 15, 2001 at 05:04:41PM +0000, Andrew Cooke wrote:
> After spending the day trying to find differences in the code I am starting
> to wonder whether mod_ssl has a patch applied that is not in OpenSSL. Is
> that possible? (the mod_ssl I am using comes precompiled from
> openSA). Can anyone suggest any other possible difference (see details below)?
Do you try to set SSL_OP_ALL as of
http://www.openssl.org/docs/ssl/SSL_CTX_set_options.html ?
> - I am using SSLv3_method in my code and SSLProtocol: SSLv3 in Apache/mod_ssl
> - SSL diagnostics from my own server indicate that SSL3_GET_RECORD is
> seeing the wrong version
Without checking the mod_ssl source, I would rather recommend you to use
SSLv23_method and SSL_OP_NO_SSLv2 if you don't want to allow SSLv2.
See
http://www.openssl.org/docs/ssl/SSL_CTX_new.html
I expect this second point to be your problem.
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
