Re: Apache problem mod_ssl 2.8.2
Look at the SSLSessionCache option in your config file. My bet is that is is not there. What I had to do to get it working distills down to this (with much help and appreciation to those on this list that helped) was to add the following (I use a \ where my mail program wraps the lines): SetEnvIf User-Agent .*MSIE.* nokeepalive \ ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLSessionCache dbm:/var/log/httpd/ssl_scache SSLSessionCacheTimeout 300 There is more than one way to handle the SSLSessionCache itself, just FYI. I hope this helps. -Albert C. Gilles Gros wrote: Hi, We are currently using apache 1.3.19 with mod_ssl 2.8.2. We have noticed between mod_ssl 2.8.1 and 2.8.2 more Page cannot be displayed in 2.8.2. We have no trace in apache logs. It is clearly linked to our use of SSL. Can anyone help us finding how to set up some trace to be able to understand what is wrong. Thanks Gilles __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Invalid method in request
What's wrong? When I connect to apache via https, Netscape says Conection refused and there is invalid method in request written in apache's error_log. I'm using Apache 1.3.19 + mod_ssl-2.8.1-1.3.19 + openssl-0.9.6. Thanks Pavel
Re: Invalid method in request
--- Pavel_Hlou¹ek [EMAIL PROTECTED] wrote: What's wrong? When I connect to apache via https, Netscape says Conection refused and there is invalid method in request written in apache's error_log. I'm using Apache 1.3.19 + mod_ssl-2.8.1-1.3.19 + openssl-0.9.6. Did you use GET? or maybe a form, with POST? or even HEAD? Some servers restrict certain methods, for example PUT is pretty commonly a no-no. __ Do You Yahoo!? Yahoo! Auctions - buy the things you want at great prices http://auctions.yahoo.com/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache problem mod_ssl 2.8.2
Oh, Thank you for the answer it helps a lot. Can I get some explanation on what the SetEnvIf User-Agent .*MSIE.* nokeepalive \ ssl-unclean-shutdown downgrade-1.0 force-response-1.0 means. Gilles. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of ACroft Sent: Friday, April 27, 2001 6:56 AM To: [EMAIL PROTECTED] Subject: Re: Apache problem mod_ssl 2.8.2 Look at the SSLSessionCache option in your config file. My bet is that is is not there. What I had to do to get it working distills down to this (with much help and appreciation to those on this list that helped) was to add the following (I use a \ where my mail program wraps the lines): SetEnvIf User-Agent .*MSIE.* nokeepalive \ ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLSessionCache dbm:/var/log/httpd/ssl_scache SSLSessionCacheTimeout 300 There is more than one way to handle the SSLSessionCache itself, just FYI. I hope this helps. -Albert C. Gilles Gros wrote: Hi, We are currently using apache 1.3.19 with mod_ssl 2.8.2. We have noticed between mod_ssl 2.8.1 and 2.8.2 more Page cannot be displayed in 2.8.2. We have no trace in apache logs. It is clearly linked to our use of SSL. Can anyone help us finding how to set up some trace to be able to understand what is wrong. Thanks Gilles __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache problem mod_ssl 2.8.2
To my understanding (and anyone who can correct me if I am wrong, please do), some versions of Microsoft Internet Explorer (MSIE) have problems with using the HTTP/1.1 protocol with SSL. What this command does is to turn off keepalive facility and force HTTP/1.0 responses (rather than HTTP/1.1 responses) when the browser (User-Agent) is a version of MSIE. If you would like more information on this, you might try the following page from the mod_ssl FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49 Hope this helps. -Albert C. Gilles Gros wrote: Oh, Thank you for the answer it helps a lot. Can I get some explanation on what the SetEnvIf User-Agent .*MSIE.* nokeepalive \ ssl-unclean-shutdown downgrade-1.0 force-response-1.0 means. Gilles. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of ACroft Sent: Friday, April 27, 2001 6:56 AM To: [EMAIL PROTECTED] Subject: Re: Apache problem mod_ssl 2.8.2 Look at the SSLSessionCache option in your config file. My bet is that is is not there. What I had to do to get it working distills down to this (with much help and appreciation to those on this list that helped) was to add the following (I use a \ where my mail program wraps the lines): SetEnvIf User-Agent .*MSIE.* nokeepalive \ ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLSessionCache dbm:/var/log/httpd/ssl_scache SSLSessionCacheTimeout 300 There is more than one way to handle the SSLSessionCache itself, just FYI. I hope this helps. -Albert C. Gilles Gros wrote: Hi, We are currently using apache 1.3.19 with mod_ssl 2.8.2. We have noticed between mod_ssl 2.8.1 and 2.8.2 more Page cannot be displayed in 2.8.2. We have no trace in apache logs. It is clearly linked to our use of SSL. Can anyone help us finding how to set up some trace to be able to understand what is wrong. Thanks Gilles __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Location and SSLVerifyClient
I need to require client certificates for all but 2 locations. I've tried the following in my httpd.conf: Location / SSLVerifyClient require SSLVerifyDepth 10 /Location Location /ca/ SSLVerifyClient none SSLVerifyDepth 10 /Location Location /images/ SSLVerifyClient none SSLVerifyDepth 10 /Location This works, but Netscape prompts me for my certificate on just about every request. If I could have the whole site require certificates, I would just do SSLVerifyClient require SSLVerifyDepth 10 and this would only prompt me once for my certificate (at least until the SSL session timed out). Is there a way to configure modssl so that I don't get prompted all the time? Should I just give up and move these 2 locations to a server that doesn't require client certs? Thanks Mike __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]