I recently upgraded our application to OpenSSL 1.0.1d with FIPS compiled in but disabled, which has always been the case in the past. Our application runs in a browser using Apache 2.2.23 and mod_ssl which is compiled against OpenSSL. Testing has revealed that HTTP requests work fine, however, HTTPS requests throw a 403. The following is exhibited in the access_log
a.b.c.d - - [06/Feb/2013:14:18:39 -0500] "GlET / HTTP/1.1" 403 202 a.b.c.d - - [06/Feb/2013:14:18:41 -0500] "\xf2G:ET /favicon.ico HTTP/1.1" 403 213 a.b.c.d - - [06/Feb/2013:14:32:00 -0500] "GVET / HTTP/1.1" 403 202 a.b.c.d - - [06/Feb/2013:14:32:01 -0500] "\xb3G\xc1ET /favicon.ico HTTP/1.1" 403 213 a.b.c.d - - [06/Feb/2013:14:32:01 -0500] "\x1aG\x9eET / HTTP/1.1" 403 202 a.b.c.d - - [06/Feb/2013:14:32:01 -0500] "tG\xfcET /favicon.ico HTTP/1.1" 403 213 a.b.c.d - - [06/Feb/2013:14:32:01 -0500] "\x8bG\x02ET / HTTP/1.1" 403 202 a.b.c.d - - [06/Feb/2013:14:32:02 -0500] "\bGdET /favicon.ico HTTP/1.1" 403 213 a.b.c.d - - [06/Feb/2013:14:32:02 -0500] "\xabG\xacET / HTTP/1.1" 403 202 a.b.c.d - - [06/Feb/2013:14:32:02 -0500] "\xb2G\tET /favicon.ico HTTP/1.1" 400 226 Testing was performed under a Redhat 6 x86_64 system and no errors were obvious in the compilation process. Thanks. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
