On Jan 18, 2013, at 10:18 AM, Aaron Freeman <aaron.free...@layerz.com> wrote:
> We’re getting scanned today. Any hope on this?

I just tested that Resin snapshot - the <honor-cipher-order> is not in that jar. I think there was a mistake in the SCM checkin or Scott may have built the archive too soon. We'll try to put up a new snapshot today/soon, but I'm not certain it's possible with various other bug fixes in progress.

Thanks,
Paul

>
> Thanks,
>
> Aaron
>
>
> From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com] On Behalf Of Aaron Freeman
> Sent: Monday, January 14, 2013 2:01 PM
> To: 'General Discussion for the Resin application server'
> Subject: Re: [Resin-interest] BEAST SSL Attack
>
> Still needing a little assistance on this one.
>
> Thanks,
>
> Aaron
>
>
> From: resin-interest-boun...@caucho.com [mailto:resin-interest-boun...@caucho.com] On Behalf Of Aaron Freeman
> Sent: Thursday, January 10, 2013 2:12 PM
> To: 'General Discussion for the Resin application server'
> Subject: Re: [Resin-interest] BEAST SSL Attack
>
> Hmm, we were able to swap out jsse for openssl and get that working without
> any issues using the snapshot you recommend below. However when we add
> <honor-cipher-order> under the <openssl> node, we get this error:
>
> [root@alpha bin]# ./www.sh start
> /opt/sendthisfile/server/conf/www.xml:80: <honor-cipher-order> is an unexpected tag (parent <openssl> starts at 75).
>
> 78: <password>password</password>
> 79: <cipher-suite>!aNULL:!eNULL:!EXPORT:!DSS:!DES:RC4-SHA:RC4-MD5:ALL</cipher-suite>
> 80: <honor-cipher-order>true</honor-cipher-order>
> 81: </openssl>
> 82: </http>
>
> <openssl> syntax: ( (@ca-certificate-file | <ca-certificate-file>)?
>   & (@ca-certificate-path | <ca-certificate-path>)?
>   & (@ca-revocation-file | <ca-revocation-file>)?
>   & (@ca-revocation-path | <ca-revocation-path>)?
>   & (@certificate-file | <certificate-file>)
>   & (@certificate-chain-file | <certificate-chain-file>)?
>   & (@certificate-key-file | <certificate-key-file>)?
>   & (@cipher-suite | <cipher-suite>)?
>   & (@crypto-device | <crypto-device>)?
>   & (@password | <password>)
>   & (@protocol | <protocol>)?
>   & (@session-cache | <session-cache>)?
>   & (@session-cache-timeout | <session-cache-timeout>)?
>   & (@unclean-shutdown | <unclean-shutdown>)?
>   & (@verify-client | <verify-client>)?
>   & (@verify-depth | <verify-depth>)?)
>
>
> From the configuration, this is the version of OpenSSL we are on:
>
> OPENSSL : OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008
> include : /usr/include
> lib :
> libraries : -lssl -lcrypto
>
> Any ideas?
>
> Thanks,
>
> Aaron
_______________________________________________
resin-interest mailing list
resin-interest@caucho.com
http://maillist.caucho.com/mailman/listinfo/resin-interest