On Fri, Feb 4, 2011 at 19:08, Ryan Wehrle <ryaner...@gmail.com> wrote: > I forgot to add, I am using client certificate authentication. > httpd.conf > <Directory "Z:/Apache/_MilesMilitusCallidus.com_SSL"> > SSLVerifyClient require > SSLVerifyDepth 1 > SSLRequireSSL > SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 > Options FollowSymLinks ExecCGI > Order allow,deny > Allow from all > </Directory> > > Configuration changed with no set servername in the SSL config. > Logs when using Opera to connect to https://milesmilituscallidus.com. Opera > has a VALID user cert that works in every other browser, but Opera never > loads the page. It stays as a white page, reloading every so often. > Logs: > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1993): [client > 67.167.32.58] No matching SSL virtual host for servername > milesmilituscallidus.com found (using default/first virtual host) > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1884): OpenSSL: > Write: SSLv3 read client hello C > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > SSLv3 read client hello A > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > SSLv3 write server hello A > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > SSLv3 write certificate A > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1274): [client > 67.167.32.58] handing out temporary 1024 bit DH key > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > SSLv3 write key exchange A > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > SSLv3 write certificate request A > [Fri Feb 04 04:48:58 2011] [debug] ssl_engine_kernel.c(1874): OpenSSL: Loop: > SSLv3 flush data > [Fri Feb 04 04:53:58 2011] [debug] ssl_engine_io.c(1900): OpenSSL: I/O > error, 5 bytes expected to read on BIO#290def0 [mem: 27ea44b] > [Fri Feb 04 04:53:58 2011] [debug] ssl_engine_kernel.c(1903): OpenSSL: Exit: > error in SSLv3 read client certificate A > [Fri Feb 04 04:53:58 2011] [error] [client 67.167.32.58] Re-negotiation > handshake failed: Not accepted by client!?
Please comment out the following line: # SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128 Maybe your SSL_CIPHER_USEKEYSIZE tool restrict. -- Dongsheng song ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org