About OpenSSL
Hello, I am using Apache 1.3.11 for NT How can I use OpenSSL ? I meana is there any version of SSL supporting NT version of Apache ? Thank you. Turkay DARCANSoftware And Project ManagerEmperyal Group Of CompaniesTel :+90 212 624 20 45Fax: +90 212 624 52 15---Winners focus on where they are going to, losers focus on what they are going through.
modssl MSIE 3
Hello, I've just installed modssl+apache on a machine; I'm using a certificate signed by GlobalSign. It works for Netscape and MSIE 5 : I can connect from Netscape and MS IE 5 without problems. However, I did have to load the "primary server CA" and "server CA" certificates of GlobalSign, in addition to the GlobalSign "root CA", into the webbrowsers; simply the root CA was not enough to get rid of the warnings you'd otherwise get (that it could not identify the party that had signed the certificate). I'm using the SSLCertificateChainFile directive to try to load those 3 GlobalSign certificates into the browser now. But for Microsoft IE 3, although I have installed the GlobalSign root CA, and the primary server CA and the server CA of globalsign into MS IE (I can see they are installed by checking the Security Options where you have a list of "Locations" certificates), it keeps refusing to connect to our site (which offers the certificate signed by Globalsign). The error message is : it says the company that signed our certicate is not known to it. This is absurd since the GlobalSign certificates are listed in the browser... (and enabled). It's a list with GlobalSign, Verisign etc. I've also tried to load (our) DER encoded .crt file of our own site into that browser, and it installed, but I still cannot connect. Now all this would be no problem if there were a clear message, saying that the user has to upgrade to MS IE 5. My question is : 1) is there a way to make SSLCertificateChainFile work for MS IE 3 2) if not, is there a way for the _server_ to immediately refuse connections of MS IE 3 and issue the user with a message to get a more recent browser. It would be nice if I could immediately redirect users of MS IE 3 to a page that says that they have to upgrade. Otherwise it's really "ugly" if the users have a message like "Cannot verify the company that has signed the certificate" while it's just a MS IE 3 problem (I think). Thanks, __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: About OpenSSL
[EMAIL PROTECTED] wrote: Hello,I am using Apache 1.3.11 for NTHow can I use OpenSSL ?I meana is there any version of SSL supporting NT version of Apache ?Thank you. I use cygwin the version of apache + mod_ssl - look at: http://www.student.uni-koeln.de/cygwin/Distribution/Source/apache-ssl/ (source version - I was been able to rebuild a apache with mod_proxy and mod_rewrite enabled) http://www.student.uni-koeln.de/cygwin/Distribution/Binary/?item=camp (binary version - without mod_proxy and mod_rewrite) CAMP Embedded Web Authoring Environment (Binary Distribution) This is the CAMP (Cygwin Apache mSQL MySQL PHP3) Embedded Web Authoring Environment for the Cygwin platform. This version has been compiled and linked using Cygwin b20.1 (egcs-1.1.2 release). Status: released Components: (latest release) Apache 1.3.6 HTTP Server (SSL-aware using mod_ssl 2.2.7 and OpenSSL 0.9.2b) PHP 3.0.7 HTML Pre-Processor (Apache Module) with MySQL 3.22.10, mSQL 2.0.7, PostgreSQL 6.4 and iODBC 2.50 client support with gd 1.3 and gdTTF support MySQL Authentification 2.20 (Apache Module) FastCGI 2.2.1 (Apache Module) DAV 0.9.8 (Apache Module) mSQL 2.0.7 Database Engine The cygwin version is impressing in performance! The SSL-speed is 10 times over the WIN32 version from www.apache.org/www.modssl.org (look at http://www.modssl.org/contrib/apache-ssl-win32-howto-V1.2.1.html ftp://ftp.modssl.org/contrib/ file://Apache_1.3.9-mod_ssl_2.4.9-openssl_0.9.4-WIN32-i386.rar ) A https page with approx. 20 images is served by cygwin-apache in 3 seconds versus 33 seconds on the WIN32-apache! The cygwin version seems also to be more reliable then the WIN32 version - the WIN32 version has subtile bugs and even crashes on semi-complex https pages! Johannes Turkay DARCAN Software And Project Manager Emperyal Group Of Companies Tel :+90 212 624 20 45 Fax: +90 212 624 52 15 --- Winners focus on where they are going to, losers focus on what they are going through. -- \\\|/// / \ ( o o ) +--.oo0O-(_)-O0oo.---+ | | | Johannes A. Bertscheit Phone: +49 821 54 40 46 | | Dipl.Informatiker (Univ.) FAX: +49 821 52 37 34 | | JB Management Consulting Mobil: +49 172 84 05 109 | | Faerberstrasse 5 EMail: [EMAIL PROTECTED] | | D-86157 Augsburg EMail-Mobil: [EMAIL PROTECTED] | | Germany | | .oooO | | ( ) Oooo. | +\ (( )+ \_) ) / (_/
Upgrade to Apache 1.3.12 or ... ?
If we are using Apache 1.3.9 with the associated mod_ssl, should we upgrade to Apache 1.3.12 and the associated mod_ssl per the procedure at http://www.modssl.org/example/ ?The fact that Apache.org is still running Apache version 1.3.9 on its website (which can be confirmed at: http://www.netcraft.com/whats/ ) does not instill confidence to do an upgrade. ~ Any opinions from the experienced folks here would be gratefully received. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Upgrade to Apache 1.3.12 or ... ?
On Mon, Mar 13, 2000, [EMAIL PROTECTED] wrote: If we are using Apache 1.3.9 with the associated mod_ssl, should we upgrade to Apache 1.3.12 and the associated mod_ssl per the procedure at http://www.modssl.org/example/ ?The fact that Apache.org is still running Apache version 1.3.9 on its website (which can be confirmed at: http://www.netcraft.com/whats/ ) does not instill confidence to do an upgrade. ~ That we run 1.3.9 on www.apache.org doesn't mean anything and especially not that we don't have less confidence in 1.3.12. It's just because Brian B. doesn't always immediately upgrade the Apache installation on this box. That all... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL Hangs
Robert Hiltibidal wrote: Hmmm I wonder if it be better then to try an earlier version of OpenSSL? I will do the code hack but... if I comment out that code what ripple effect is possible? I don't think commenting out the WaitForSingleObject() is a solution at all for the problem. I did it to verify that it was really that instruction that gave rise to the problem. I know too little of the structure of mod_ssl and OpenSSL to be able to figure out why the WaitForSingleObject blocks in that particular situation, but perhaps somebody else knows. Regards, Jan Dries __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Win32 Possible Bug?
What needed: VC6.0 ActivePerl CygWin But it has bug: makefile.nt has bugs of micro: LONG and SHORT can't be extended to Release(or Debug) and R(or D) you have to replace them before nmake. good luck! wei - Original Message - From: Robert Hiltibidal [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 12, 2000 9:36 AM Subject: Re: Win32 Possible Bug? Weee I'm open to suggestions. I'm going to try to build a 1.3.6 full version. The 1.3.9 I built waaayyy early this morning kept saying it couldn't generate a 512k rsa private key, even thos SSRandomSeed was set to file:conf/rand.dat 512 I had no problems in either the 1.3.12 version with the randomseed nor do I have problems with the doanloaded 1.3.6 version random seed. Same conf file for both. Has anyone else built a win32 version off the 1.3.12 Apache build? If so what was is your developmewnt environment? ie What version of VC++ are you using, any Microsux patches applied, did you use do_ms or do_nasm or do_masm for the openssl builds? -Rob -Rob At 11:02 AM 03/12/2000 +0100, you wrote: On Sun, Mar 12, 2000, Robert Hiltibidal wrote: [...] I wonder could there be something in the -DEAPI option that could cause SSL to "break"? [...] No, I don't think it can break anything. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Upgrade to Apache 1.3.12 or ... ? dear ME!
"Tim" [EMAIL PROTECTED] wrote : what a shame that the apache sysadmin is too lazy to update I think that's kind of uncalled-for. Points : 1) I expect Brian Behlendorf (sp?) is at the ApacheCon conference, has been preparing for it, and/or is on his way back. Either way, he'll have been a mite busy just lately. 2) As Lewis Bergman explained just now : "Do you run scripts which are subject to the cross site scripting addressed in one of the latest CERT's. 1.3.12 addresses this problem." The main point of 1.3.12 is to address those security problems; if a website doesn't have any dynamic content, and hasn't hit any of the other (mostly minor ?) bugs fixed in 1.3.12, then there's no *need* to upgrade. What's your purpose ? Nick Systems Team, EDS Healthcare, Bristol, UK __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Upgrade to Apache 1.3.12 or ... ? dear ME!
2) As Lewis Bergman explained just now : "Do you run scripts which are subject to the cross site scripting addressed in one of the latest CERT's. 1.3.12 addresses this problem." Well, the truth is, I don't know if they are subject to "cross site scripting..." :-/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Win32 And OpenSSL
Howdy, recap: All browser hung on connection to https I found a solution. I downloaded OpenSSl 0.9.4 and compiled it in with the mod ssl and apache for 1.3.12 I even compiled OpenSSL with nasm. It worked. Just being the masochist I removed the OpenSSL 0.9.4 build and redownloaded the OpenSSL 0.9.5, recompiled everything. It bombed. Went back and recompiled with ms\do_ms -- I have 2 PIII500's, 1 PII 300 and 1 Cyrus 433 all running NT 4.0 SP6a. Thinking there might be a problem with the assembly language routines I tried the normal VC routines. The browsers, IE.x, Netscape.x -- all hung. I even recompiled everything with the hack that was suggested last nite. Still no luck. So I went back to OpenSSL 0.9.4, redid everything once with nasm and once with microsoft compilation options and both builds worked on every machine. https worked just as well as http. I did notice the builds with nasm operated faster than the builds with microsoft. I have no benchmark tools to be able to measure performance. I can only say there is a noticeable difference. I'm thinking there is a bug within OpenSSL or mod ssl. I am not fluent enough in C to be able to track it down further than that. The OpenSSL site says 0.9.5 is a major release. Win32 + SSL is now operational. I think its valid to say Apache Server itself has been around longer than IIS. I think its equally valid to say win32 Apache is more stable and more secure than IIS. I submit its time to take off the beta warnings on the Apache distributions. In my office that warning *almost* killed its useage. While its a reminder geared towards techs, that warning does not strike confidence in thehearts and souls of the policy makeers =) Just me .02$ My thanks to those that gave me options to try. -Rob __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: forwarding http://address/directory to https://address/directory
thanks for the note... i added RewriteEngine onRewriteLog "/etc/httpd/logs/rewrite.log"RewriteRule ^/mydirectory/(.*) https://myhost/mydirectory/$1 [R] it works! i don't know what the log does because its always blank. john c. - Original Message - From: "Winged Wolf" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 10, 2000 2:29 PM Subject: Re: forwarding http://address/directory to https://address/directory Try using RewriteRule http://address/directory/(.*) https://address/directory/\1 . (If that doesn't work, look for the documentation in mod_rewrite.) --- Mat Butler, Winged Wolf [EMAIL PROTECTED] SPASTIC Web Engineer SPASTIC Server Administrator Begin FurryCode v1.3 FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++ RLCT/M*/LW* a cl/u/v+ !d e- f h++ iwf+++ j p-+ sm++ End FurryCode v1.3 On Fri, 10 Mar 2000, John Castillo wrote: hello all, i have setup mod_ssl... works.now i'm trying to tweak my httpd.conf so that if a user connects to a secure area (https://host/secure_area) via an insecure protocol (http://host/secure_area) that they are redirected to the secured protocol (http+ssl over port 443). temporarily, i'm use the SSLRequireSSL but that just Forbids access for people viewing the secure area over http. is it possible to either redirect the client to https or apply some SSL directive that will enable SSL on the fly?Directory /home/httpd/html/secure_area Options Indexes FollowSymLinks AllowOverride None order allow,deny allow from all SSLRequireSSL /Directoryjohn c. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
Re: forwarding http://address/directory to https://address/directory
You can add: RewriteLogLevel 1 if you want to see some output. cliff rayman genwax.com John Castillo wrote: thanks for the note... i addedRewriteEngine on RewriteLog "/etc/httpd/logs/rewrite.log" RewriteRule ^/mydirectory/(.*) https://myhost/mydirectory/$1 [R]it works! i don't know what the log does because its always blank.john c.- Original Message -From: "Winged Wolf" [EMAIL PROTECTED]>To: [EMAIL PROTECTED]>Sent: Friday, March 10, 2000 2:29 PMSubject: Re: forwarding http://address/directory to https://address/directory> Try using RewriteRule http://address/directory/(.*) > https://address/directory/\1 . > > (If that doesn't work, look for the documentation in mod_rewrite.) > > --- > Mat Butler, Winged Wolf [EMAIL PROTECTED]> > SPASTIC Web Engineer SPASTIC Server Administrator > Begin FurryCode v1.3 > FCWw5amrsw A- C+ D H+++ M+[servercoder] P+ R++ T+++ W Z++ Sm++ > RLCT/M*/LW* a cl/u/v>+ !d e- f> h++ iwf+++ j p->+ sm++ > End FurryCode v1.3 > > > On Fri, 10 Mar 2000, John Castillo wrote: > > > hello all, > > > > i have setup mod_ssl... works. > > > > now i'm trying to tweak my httpd.conf so that if a user connects to a secure area (https://host/secure_area) via an insecure protocol (http://host/secure_area) that they are redirected to the secured protocol (http+ssl over port 443). > > > > temporarily, i'm use the SSLRequireSSL but that just Forbids access for people viewing the secure area over http. is it possible to either redirect the client to https or apply some SSL directive that will enable SSL on the fly? > > > > Directory /home/httpd/html/secure_area> > > Options Indexes FollowSymLinks > > AllowOverride None > > order allow,deny > > allow from all > > SSLRequireSSL > > /Directory> > > > > john c. > > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Apache+mod_SSL - Invalid method in request
I have enabled SSL on one of my virtual hosts. I have specified the snakeoil certs and keys for now to test. When the browser goes to the protected site, it just hangs. I am entering it with the https:// prefix. In my error log, it says Invalid method in request and gives the client's IP. I have had this trouble now for quite some time and I thank anyone in advance for helping me with it. Thanks, Robert Oliver __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Win32 And OpenSSL
I'm thinking there is a bug within OpenSSL or mod ssl. Reading your message twice, I couldn't understand what's wrong with mod_ssl. Of course, there is always the possibility that the OpenSSL 0.9.5 has a "trigger" which is activated by a bug in another place, but then why to blame mod_ssl and not Apache, the compiler, NT, etc.? The only component which you replaced and caused your build to work or to bomb, was OpenSSL-0.9.5. Since mod_ssl requires any OpenSSL higher or equal to 0.9.3, what's wrong with Apache-1.3.12 + OpenSSL 0.9.4 + mod_ssl-2.6.2 ? Let's start from OpenSSL. From your message, it looks obvious that THERE is the problem. Which reminds me that I was asked to re-submit my patches. One of them allowed debug mode to be compiled easily under NT. I'll try to do it today. Ralf, is it OK to work against 2.6.2? -- Eli Marmor __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: forwarding http://address/directory to https://address/directory
On Mon, Mar 13, 2000, John Castillo wrote: RewriteEngine on RewriteLog "/etc/httpd/logs/rewrite.log" RewriteRule ^/mydirectory/(.*) https://myhost/mydirectory/$1 [R] it works! i don't know what the log does because its always blank. To see rewriting log entries, you have to use "RewriteLogLevel", too... Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache+mod_SSL - Invalid method in request
On Mon, Mar 13, 2000, Robert W. Oliver wrote: I have enabled SSL on one of my virtual hosts. I have specified the snakeoil certs and keys for now to test. When the browser goes to the protected site, it just hangs. I am entering it with the https:// prefix. In my error log, it says Invalid method in request and gives the client's IP. I have had this trouble now for quite some time and I thank anyone in advance for helping me with it. Although you're connecting with HTTPS, on the HTTPS port your server speaks only HTTP! Check your server configuration, please. Make sure Listen and VirtualHost directives match and that the VirtualHost ..:443 has an "SSLEngine on", too. Ralf S. Engelschall [EMAIL PROTECTED] www.engelschall.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Again !! - Failed to generate temporary 512 bit RSA private key
Hello, I have installed Apache 1.3.12 + Mod-SSL 2.6.2-1.3.12 + OpenSSL 0.9.5 under Solaris 2.7. Whenever I am trying to start the web server with "/usr/local/apache/bin/apachectl start" the normal HTTP server runs fine. But whenever I am starting the HTTPS server with "/usr/local/apache/bin/apachectl startssl" it is giving the following message. /usr/local/apache/bin/apachectl startssl: httpd could not be started and in the ssl log file it is giving [13/Mar/2000 17:24:56 06351] [error] Init: Failed to generate temporary 512 bit RSA private key [13/Mar/2000 17:42:23 06355] [info] Server: Apache/1.3.12, Interface: mod_ssl/2.6.0, Library: OpenSSL/0.9.5 [13/Mar/2000 17:42:23 06355] [info] Init: 1st startup round (still not detached) [13/Mar/2000 17:42:23 06355] [info] Init: Initializing OpenSSL library [13/Mar/2000 17:42:23 06355] [info] Init: Loading certificate private key of SSL-aware server www.basheer.com:443 [13/Mar/2000 17:42:23 06355] [info] Init: Seeding PRNG with 8 bytes of entropy [13/Mar/2000 17:42:23 06355] [info] Init: Generating temporary RSA private keys (512/1024 bits) [13/Mar/2000 17:42:23 06355] [error] Init: Failed to generate temporary 512 bit RSA private key I kept the $HOME/.rnd file by "touch $HOME/.rnd" and tried to give make certificate again. But the result is same. Instead of just creating the ".rnd" file I copied the files like ..openssl-0.9.5/ms/.rnd ..openssl-0.9.5/test/.rnd to $HOME. But still the effect is same. What's wrong? Could anybody help me? Regards, Saleej. __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: About OpenSSL
Eli Marmor wrote: Johann Bertscheit wrote: > ... Your message left us with too many questions... 1. Did you use the original sources, or had to modify them? If the original sources work with no change, then it is a great news! I always thought that some of these sources require Visual C++ under NT... You must distinguish between 1.) WIN32 apache1.3.9/mod_ssl as found as binary in http://www.modssl.org/contrib/ 1262788 Nov 28 21:40:40 1999 Apache_1.3.9-mod_ssl_2.4.9-openssl_0.9.4-WIN32-i386.rar (in this version the crash occurs) 2.) cygwin apache1.3.6/mod_ssl CAMP as found as binary in http://www.student.uni-koeln.de/cygwin/Distribution/Binary/?item=camp (binary version - without mod_proxy and mod_rewrite) 3.) cygwin apache1.3.6/mod_ssl with mod_proxy and mod_rewrite (own build) from the following sources: http://www.student.uni-koeln.de/cygwin/Distribution/Source/apache-ssl/ concerning your question: this version is a already "ported" version of the orginal apache to cygwin - but even this version dont(!) compiled "out of the box" - I had to patch the sources at some places to be able to compile on my cygwin B20.1 - but I finally got it running. 4.) normal apache1.3.12/mod_sll: I also tried to compile the newest apache1.3.12/mod_ssl with cygwin - but here even more patches to the sources are neccessary - I was not able even to compile openssl so far. I stopped the porting of this version because I got the cygwin-apache1.3.6-mod_proxy/mod_rewrite up and running without the crash of the WIN32 version. I currently use version 3.) and have no problems with this version so far (and I hope: will have no problems in future!) 2. The versions you use look very ancient... (Apache 1.3.4/1.3.6, mod_ssl 2.1.7/2.2.7, PHP-3.0.7, PostgreSQL-6.4, mod_dav-0.9.8, etc.). Is there any special reason? AFAIK: there are no other ports of mod_SSL to WINNT beyond 1.3.9 available (see list above). - and it seems not too easy to get 1.3.12 running on cygwin (I dont tried WIN32 because I think the crash-bug is present in the newest 1.3.12 apache, because it is present in 1.3.6 WIN32 and 1.3.9 in the very same place !! both versions crash at the same code-place...) 3. How is it possible that an executable compiled by Cygwin is 11 (!) times (1000%) faster than an executable compiled by Visual-C++? I never noticed that the VC++ binary was so slow... And it looks impossible that Microsoft, which has $billions to put in RD, will let its flagship compiler to be 1000% slower. Even 20% slower would be hard to believe... I analyzed the difference in speed - and I found the reason: for debugging purposes I set the SSLLogLevel to "debug" on WIN32 but not on cygwin. When I set the SSLLogLevel back to "info" then the speed difference is gone. Or there is a critical problem with mod_ssl/OpenSSL... If so, please provide us with more details, so we can fix them. OpenSA people, are you there? Did you have such problems? In addition to the above speed-difference (which is clear now): WIN32-version: I noticed that the apache1.3.9 version sometime "HANGS" on https:... requests (in opposion to the apache1.3.6 which had no such problem). But I'm sorry - I cannot reproduce this effect. 4. You wrote that the WIN32 version crashes. Can you reproduce it? I wrote a problem report Subject: [BugDB] crash in ApacheModuleSSL.dll of winnt Apache_1.3.9-mod_ssl_2.4.9-openssl_0.9.4-WIN32-i386.rar (PR#353) and further analyzed the problem: I almost can reproduce the problem: The problem occurs when a switch of VirtualHosts occur! I have 2 VirtualHosts configured in my httpd.conf. - one on port 443 - another on port 5443 (- and the normal port 80) Also I checked the dependency with SSLLogLevel, because I noticed that the SSL-logfile is garbled prior(!) the crash - It seems to be that 2 processes write in the logfile without sync! But even if I set SSLLogLevel to "warn" the crash occurs! To reproduce the problem it seems you need two requests to a semi-complex html-page (I have a frameset with 3 frames and with approx. 20 images) first from http://host:443/page.html then from http://host:5443/page.html try it several times (maybe also with different pages) and the crash occurs! There are many WIN32 users in this list, and we don't face such problems. Can you hunt these crashes? Can you find their origin? I had this crashes on several different WINNT machines! And always at the same code-place! (see below in the problem-report) So the reason should be in ApacheModuleSSL.dll. Your story looks too amazing to be true, but if you tell it, we believe you. However, please provide us with more details, so we can check if these problems are our fault / MS fault / your machine fault / debugging flags fault / whatever. please look at my problem report [BugDB] crash in ApacheModuleSSL.dll of winnt Apache_1.3.9-mod_ssl_2.4.9-openssl_0.9.4-WIN32-i386.rar (PR#353) I include my submission for your convenience: Full_Name: Johannes Bertscheit Version: