Re: newbie having problem with starting apache
Mike Momany wrote: I have installed apache, openssl and mod ssl according to the instructions at http://www.modssl.org/example/ . Everything seemed to go well but when I attempt to start apache I get a failure. The error log reads: mod_ssl: Init: Server mannheim.servermart.com:443 should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] The certificate creation process appeared to go ok. Yes, but did you add an SSLCertificateFile directive to the config file? Assuming your certificate is server.crt in /usr/local/apache/conf/ssl.crt, you need: SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key Regsrds, Owen Boyle. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE 5.0 56bit Problem
Ive configured a proxy apache server+mod_ssl+openssl and used a 128 bit step up certificate. We have Problem with IE 5.0 with 56 bit encryption on win2000. I used the following directive. SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 and ive also tried: SSLProtocol all -SSLV3 or SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP and used SSL sessionCache But nothing helped me. Any help is much appreciated. __ Die Fachpresse ist sich einig: WEB.DE 20mal Testsieger! Kostenlos E-Mail, Fax, SMS, Verschlsselung, POP3, WAPtesten Sie uns! http://freemail.web.de __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: version numbers
On Wed, Mar 14, 2001, Brett Tofel wrote: I can't seem to find where the mod_ssl version numbers are explained. In the FAQ AFAIK. if we are using an older apache, must we use an older mod_ssl? For instance, if we were using apache 1.3.12 would we have to use: mod_ssl-2.6.6-1.3.12 Yes. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache-1.3.19+mod_ssl-2.8.1+php-4.0.4pl1 segfault (no core file created)
On Fri, Mar 16, 2001, Karlos Z. Smith wrote: [...] Ok, is this a glibc issue? I know they made quite a few changes in glibc-2.2.2 maybe they screwed something up? Or maybe mod_ssl was using some workaround for something that _was_ broke and now its fixed? [...] No, there are no glibc bug workarounds in mod_ssl. I'm sure your glibc is broken. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE5 client certs
On Mon, Mar 19, 2001, Torsten Curdt wrote: [...] For each CA there is much more information besides the PEM data (which is the only thing in my ca-dff.crt). It's pretty verbose including the fingerprint as well as some plain text infos about the cert. [...] All text around the PEM data is just for information. It not parsed by mod_ssl/OpenSSL. It is there just for human reading. I wonder how I can create such a format for my CA cert. Do you have an idea? $ openssl x509 -text -noout -in file Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl's mod_proxy support
On Mon, Mar 19, 2001, Martin Lichtin wrote: Anyone know how to configure mod_ssl parameters when it's doing the client requests inside mod_proxy? I have something like VirtualHost 192.168.1.7:3128 ProxyRequests On NoCache * /VirtualHost as part of a mod_ssl-enabled server. It handles https:// proxy requests just fine, but I also need the ability to force a SSL version, eg. SSLv2, for making requests to the outside world. Any ideas? Also, how can I trace these SSL requests? I set SSLLogLevel to debug but it wouldn't show anything. By default you cannot adjust any parameters. But look at the CHANGES file, there is experimental support for SSLProxy directives which can help you. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
openssl s_time tests and ssl3
I've been playing around with the latest version (very impressive, by the way, Ralf) and I'm a bit stumped at trying to figure out performance characteristics. I get results similar to the ones below for SSL version 2 ./openssl s_time -ssl2 -connect www-dev:443 -time 40 411 connections in 3.25s; 126.46 connections/user sec, bytes read 0 411 connections in 41 real seconds, 0 bytes read per connection but using SSL version 3 consistently returns numbers in the neighborhood of ./openssl s_time -ssl3 -connect www-dev:443 -time 40 -new 37 connections in 18.55s; 1.99 connections/user sec, bytes read 0 37 connections in 41 real seconds, 0 bytes read per connection I've compiled both with and without experimental support for hardware accelerators (I won't get into that battle here - it looks like it's been fought and fought again; if anyone wants my numbers, please email me offline) and seem to get consistent results: ssl2 is high-capacity, ssl3 is an order of magnitude lower. I wouldn't rule out OpenSSL as the culprit, but it's worth mentioning that the s_time test is able to generate all sorts of SSL3 load against a Netscape 3.63 server on the same machine. Any ideas as to what may have gone wrong in my mod_ssl build? Thanks in advance. [EMAIL PROTECTED] P.S. Solaris 2.6 systems (separate machines) are being used to drive openssl s_client and Apache/mod_ssl. OpenSSL is at 0.9.6-eng, mod_ssl and Apache are at mod_ssl-2.8.1-1.3.19. __ Do You Yahoo!? Get email at your own domain with Yahoo! Mail. http://personal.mail.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]