Hi Michael,

SSLv2 is obsolete and vulnerable to several attacks.  It is always better not to use v2.

Did you try with SSLv23?

Samy








From: Michael Smith <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
Date: 07.02.2006 14:47
Please respond to: openssl-users@openssl.org
To: openssl-users@openssl.org
Subject: Re: Errors with firefox

OK I have been able to 'fix' this by adding the following directive:
 
SSLProtocol SSLv2

Does this suggest a buggy SSL v3 implementation in openssl on my platform?  Odd that nobody else is experiencing it.
 
Michael


On 1/31/06, Michael Smith <[EMAIL PROTECTED]> wrote:
Hello there

I've previously sent this to the mod_ssl list with no success.  Sorry if you've seen it before:

I have apache compiled on solaris with sun cc with mod_ssl-2.8.25-1.3.34 and openssl-0.9.8a (I've also tried 0.9.7i and the nightly build).

When accessing the site using Internet Explorer I have no problems.  With Firefox the browser reports an 'incorrect Message Authentication Code' and the server logs report:

[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server xxx:443, client xxx) ( OpenSSL library error follows)
[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

I do have previous builds that 'work' ... but have been unable to determine precisely what change initiated this problem.  It might be the release of openssl, it might also be the Sun compiler, which was now from studio 11 and was previously from an earlier version which I don't have access to any more.



Any suggestions much appreciated

Thanks

Michael Smith
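
An added example, not part of the original thread and not mod_ssl's own code: a small audit of Apache configuration text that flags SSLProtocol lines which leave SSLv2 enabled, such as the workaround quoted above. The token set and the add/remove/replace semantics are assumptions modelled on the mod_ssl SSLProtocol syntax, and the sample configuration is constructed.

```python
import re

KNOWN = {"sslv2", "sslv3", "tlsv1"}  # assumed protocol tokens for this mod_ssl era
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)


def effective_protocols(args):
    """Resolve one SSLProtocol argument string to the set it enables.
    Assumed semantics: '+tok' adds, '-tok' removes, a bare token replaces
    the set built so far; 'all' stands for every known protocol."""
    enabled = set()
    for word in args.split():
        action = word[0] if word[0] in "+-" else ""
        name = (word[1:] if action else word).lower()
        chosen = set(KNOWN) if name == "all" else {name}
        if not chosen <= KNOWN:
            raise ValueError(f"unknown protocol token: {word!r}")
        if action == "-":
            enabled -= chosen
        elif action == "+":
            enabled |= chosen
        else:
            enabled = chosen
    return enabled


def audit(config_text):
    """Return (line_no, directive, note) for each line that enables SSLv2."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # commented-out directives start with '#': no match
        if m:
            protos = effective_protocols(m.group(1))
            if "sslv2" in protos:
                note = "SSLv2 only, newer protocols disabled" if protos == {"sslv2"} else "SSLv2 still enabled"
                findings.append((no, line.strip(), note))
    return findings


# Constructed sample configuration (not taken from the server in the thread).
SAMPLE = """\
# SSLProtocol SSLv2
SSLProtocol SSLv2
SSLProtocol all
SSLProtocol all -SSLv2
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```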



