Re: [AOLSERVER] Personal Certificate
> Ok, I haven't figured out which of the following did it, but > applying the following suggested changes to my config.tcl > fixed the problem: > > ns_param ServerProtocols "SSLv2" That was it. You told the server not to support client-side certs at all -- that's an SSL v3 thing (and TLS v1). You've also disabled other SSL v3 functionality, and I think that v2 has security exposures that allow the information being exchanged to be captured, which was one of the major motivations for moving from v2 to v3. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] Personal Certificate
Ok, I haven't figured out which of the following did it, but applying the following suggested changes to my config.tcl fixed the problem: ns_param ServerProtocols "SSLv2" ns_param ServerCipherSuite "ALL:!TLS:!ADH:!EXPORT56:!SHA:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" Also for the record, there was no problem with Safari - just IE. Mark Aufflick wrote: Hi all, I have a quirky issue - when i connect ot my openacs (aolserver 3.3+ad13) site from mac ie, it refuses to access ssl pages, and complains that it (mac ie) does not support personal certificates. Further investigations shows that mac ie has a bug that won't let you access a site that ALLOWS personal certificates, even if it is optional. Now I didn't even know that ns_openssl supported personal certificates, maybe current openssl library calls need a flag to tell them not to support personal certificates. Before I go and get my hands good and dirty, does anyone have any ideas? Mark. DISCLAIMER: this post contains nothing regarding p0und proxies or any sub-function of ns_conn ;) -- Mark Aufflick e: [EMAIL PROTECTED] w: www.pumptheory.com p: +61 438 700 647 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank. -- Mark Aufflick e: [EMAIL PROTECTED] w: www.pumptheory.com p: +61 438 700 647 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] Personal Certificate
On Mon, 21 Jul 2003, Barry Books wrote: > Have you tried Safari 1.0? I've had SSL problems on my Mac also but for the > most part they seem to be fixed since I upgraded. I don't know if it > supports personal certificates though, but if you mean self signed I think > you can now access sites with invalid certificates. Personal certs are different from self-signed certs (well, you can have a self-signed personal cert, if you like). Safari does not appear to support them, which is a bummer because I have an app that does authentication with personal certs, and I can't use Safari for that app. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] Personal Certificate
I think 1.0 allows some control over what certs it will accept. I'm not in front of my mac but I think under the security settings you can allow expired certs etc. It may be under the Debug menu which makes it much less useful. barry -Original Message- From: Janine Sisk [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 10:27 AM To: [EMAIL PROTECTED] Subject: Re: [AOLSERVER] Personal Certificate Unfortunately Safari has it's own quirky issue with SSL. Some people are reporting that you can't get to https URLs if you are behind a proxy server and I have found that to be true at Sloan; I've had to go back to using Mozilla when I'm in the office. I admit I haven't tried very hard to work around the problem, though, since it seems to be a known issue and probably not under user control. janine On Monday, July 21, 2003, at 11:19 AM, Barry Books wrote: > Have you tried Safari 1.0? I've had SSL problems on my Mac also but > for the most part they seem to be fixed since I upgraded. I don't know > if it supports personal certificates though, but if you mean self > signed I think > you can now access sites with invalid certificates. > > barry > > -Original Message- > From: Mark Aufflick [mailto:[EMAIL PROTECTED] > Sent: Monday, July 21, 2003 10:02 AM > To: [EMAIL PROTECTED] > Subject: [AOLSERVER] Personal Certificate > > > Hi all, > > I have a quirky issue - when i connect ot my openacs (aolserver > 3.3+ad13) site from mac ie, it refuses to access ssl pages, and > complains that it (mac ie) does not support personal certificates. > Further investigations shows that mac ie has a bug that won't let you > access a site > that ALLOWS personal certificates, even if it is optional. > > Now I didn't even know that ns_openssl supported personal > certificates, maybe current openssl library calls need a flag to tell > them not to support personal certificates. > > Before I go and get my hands good and dirty, does anyone have any > ideas? > > Mark. > > DISCLAIMER: this post contains nothing regarding p0und proxies or any > sub-function of ns_conn ;) > > -- > Mark Aufflick > e: [EMAIL PROTECTED] > w: www.pumptheory.com > p: +61 438 700 647 > > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in > the email message. You can leave the Subject: field of your email > blank. > > > -- > AOLserver - http://www.aolserver.com/ > > To Remove yourself from this list, simply send an email to > <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in > the email message. You can leave the > Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] Personal Certificate
Unfortunately Safari has it's own quirky issue with SSL. Some people are reporting that you can't get to https URLs if you are behind a proxy server and I have found that to be true at Sloan; I've had to go back to using Mozilla when I'm in the office. I admit I haven't tried very hard to work around the problem, though, since it seems to be a known issue and probably not under user control. janine On Monday, July 21, 2003, at 11:19 AM, Barry Books wrote: Have you tried Safari 1.0? I've had SSL problems on my Mac also but for the most part they seem to be fixed since I upgraded. I don't know if it supports personal certificates though, but if you mean self signed I think you can now access sites with invalid certificates. barry -Original Message- From: Mark Aufflick [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 10:02 AM To: [EMAIL PROTECTED] Subject: [AOLSERVER] Personal Certificate Hi all, I have a quirky issue - when i connect ot my openacs (aolserver 3.3+ad13) site from mac ie, it refuses to access ssl pages, and complains that it (mac ie) does not support personal certificates. Further investigations shows that mac ie has a bug that won't let you access a site that ALLOWS personal certificates, even if it is optional. Now I didn't even know that ns_openssl supported personal certificates, maybe current openssl library calls need a flag to tell them not to support personal certificates. Before I go and get my hands good and dirty, does anyone have any ideas? Mark. DISCLAIMER: this post contains nothing regarding p0und proxies or any sub-function of ns_conn ;) -- Mark Aufflick e: [EMAIL PROTECTED] w: www.pumptheory.com p: +61 438 700 647 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
Re: [AOLSERVER] Personal Certificate
Have you tried Safari 1.0? I've had SSL problems on my Mac also but for the most part they seem to be fixed since I upgraded. I don't know if it supports personal certificates though, but if you mean self signed I think you can now access sites with invalid certificates. barry -Original Message- From: Mark Aufflick [mailto:[EMAIL PROTECTED] Sent: Monday, July 21, 2003 10:02 AM To: [EMAIL PROTECTED] Subject: [AOLSERVER] Personal Certificate Hi all, I have a quirky issue - when i connect ot my openacs (aolserver 3.3+ad13) site from mac ie, it refuses to access ssl pages, and complains that it (mac ie) does not support personal certificates. Further investigations shows that mac ie has a bug that won't let you access a site that ALLOWS personal certificates, even if it is optional. Now I didn't even know that ns_openssl supported personal certificates, maybe current openssl library calls need a flag to tell them not to support personal certificates. Before I go and get my hands good and dirty, does anyone have any ideas? Mark. DISCLAIMER: this post contains nothing regarding p0und proxies or any sub-function of ns_conn ;) -- Mark Aufflick e: [EMAIL PROTECTED] w: www.pumptheory.com p: +61 438 700 647 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank. -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.
[AOLSERVER] Personal Certificate
Hi all, I have a quirky issue - when i connect ot my openacs (aolserver 3.3+ad13) site from mac ie, it refuses to access ssl pages, and complains that it (mac ie) does not support personal certificates. Further investigations shows that mac ie has a bug that won't let you access a site that ALLOWS personal certificates, even if it is optional. Now I didn't even know that ns_openssl supported personal certificates, maybe current openssl library calls need a flag to tell them not to support personal certificates. Before I go and get my hands good and dirty, does anyone have any ideas? Mark. DISCLAIMER: this post contains nothing regarding p0und proxies or any sub-function of ns_conn ;) -- Mark Aufflick e: [EMAIL PROTECTED] w: www.pumptheory.com p: +61 438 700 647 -- AOLserver - http://www.aolserver.com/ To Remove yourself from this list, simply send an email to <[EMAIL PROTECTED]> with the body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: field of your email blank.