Re: Netscape gave error on SSL

[Owen Boyle]

Bab S wrote:
 
 Hi mod_ssl users,
 
 After starting SSL htps://servername.com,I tried on IE and netscape.
 
 With IE it works fine but with Netscape Browser version 6 it gives me  an
 error  :
 
 Netscape and this server cannot communicate securly because they have no
 common Encryption Algorthims.

I've never seen this error but it seems fairly self-explanatory. The
browser and server have to decide on a common scheme to use for
encryption. In the case of NS6, it doesn't have a scheme in common with
the server so they can't communicate. 

On the server side, the schemes allowed are defined by the
SSLCipherSuite directive. Check your entry to see if it is unusually
restrictive (e.g. only one scheme defined). For comparison, my entry
looks like this:

SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Rgds,

Owen Boyle.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: SSI vs CGI

[Thomas Binder]

Hi!

On Sun, Feb 03, 2002 at 12:02:12AM +0200, Zvi Har'El wrote:
 In an HTTPS virtual host, there are many variables that are
 exported one method and not the other: More specifically, all
 the variables starting with SSL_ (e.g., SSL_CIPHER,
 SSL_SESSION_ID, etc.), are exported to the CGI script, but are
 not printed by the printenv SSI. This is in Apache/2.0.32-dev
 (Unix) mod_ssl/3.0a0 OpenSSL/0.9.6b (which I compiled from the
 latest CVS).

Take a look in the F.A.Q.:

http://www.modssl.org/docs/2.8/ssl_faq.html#ToC22


Ciao

Thomas


-- 
There's no time like the pleasant.
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

http to https redirect configuration question

[John W. Sopko Jr.]

I am having a difficult time solving the following: I want our
apache non-secure http:// server to redirect to the secure
https:// server whenever the non-secure server encounters a
.htaccess file in any directory? I do not want to redirect entire
directories or the server itself, only those that contain a
.htaccess file.

The standard apache Redirect or RedirctMatch cannot do this
because the .htaccess file is not typically specified by the
user. You run into a looping problem if you specify a redirect
in the .htaccess file itself.

I was hoping there is some switch at the server level to do this.
I of course searched all the docs and mailing archives for
a solution. There is a solution using javascript in the index.html
file that can do a redirect but this would have to be placed
in everyone's .index file and there is no guarantee users will
do this. 

Any solutions would be appreciated. Thanks.

-- 
John W. Sopko Jr.   University of North Carolina
email: [EMAIL PROTECTED] Computer Science Dept., CB 3175
Phone: 919-962-1844 Sitterson Hall; Room 135
Fax:   919-962-1799 Chapel Hill, NC 27599-3175
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

mod_ssl problems

[Theofilos Dimitrakopoulos]

Hello there, 
i am trying to implement the mod_ssl. I am 
following exactly the directions as was found in the official site. When i use 
the command nmake /f ms\ntdll.mak i have the following error:

NMAKE: fatal error U1073: don't know how to 
make '.\crypto\cryptlib.h'
stop.


Could anyone help me?

Thanks a lot.

message headers

[Eduardo Gomez]

Can this list implement a default header in the subject of all messages that
reads like [modssl-users]  and THEN the subject?

I'm spending enough time sorting my mail box out already.

If the list admin cannot, oh well... Thanks anyway :)

___
Eduardo Gomez
Innerlab Productions
www.innerlab.com



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: http to https redirect configuration question

[Gilles gros]

We have from time to time the following traces in our Apache logs :

[Mon Feb  4 08:17:24 2002] [error] mod_ssl: SSL handshake interrupted by
system [Hint: Stop button pressed in browser?!] (System error follows)
[Mon Feb  4 08:17:24 2002] [error] System: Connection reset by peer (errno:
104)

Can anyone help us finding what can the problem be related to ?

Our apache is 1.3.20 mod_ssl 2.8.4 OpenSSL 0.9.6b.


Part of our configuration is :

IfModule mod_ssl.c

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

# Adding that line because of info from mod_ssl mailing list to
# make more stable Apache SSL.
# To my understanding (and anyone who can correct me if I am wrong, please
do),
# some versions of Microsoft Internet Explorer (MSIE) have problems with
using the
# HTTP/1.1 protocol with SSL. What this command does is to turn off
keepalive
# facility and force HTTP/1.0 responses (rather than HTTP/1.1 responses)
when the
# browser (User-Agent) is a version of MSIE. If you would like more
information on
# this, you might try the following page from the mod_ssl FAQ:
#
# http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
#
IfModule mod_setenvif.c
#SetEnvIf User-Agent .*MSIE.* nokeepalive \
ssl-unclean-shutdown downgrade-1.0 \
force-response-1.0
SetEnvIf User-Agent MSIE [1-4] nokeepalive \
ssl-unclean-shutdown downgrade-1.0 \
force-response-1.0
SetEnvIf User-Agent MSIE [5-9] ssl-unclean-shutdown
/IfModule

#
#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First either `none'
#   or `dbm:/path/to/file' for the mechanism to use and
#   second the expiring timeout (in seconds).
#SSLSessionCachenone
#SSLSessionCacheshm:/opt/apache/logs/ssl_scache(512000)
SSLSessionCache dbm:/opt/apache/logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual explusion semaphore the
#   SSL engine uses internally for inter-process synchronization.
SSLMutex  file:/opt/apache/logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

SSLEngine   on
SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

# The certificate files are now located under /opt/apache/conf
SSLCertificateFile /opt/apache/conf/XXX.crt
SSLCertificateKeyFile /opt/apache/conf/XXX.key


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: http to https redirect configuration question

[Marco A. Zamora Cunningham]

Take a look at the mod_rewrite docos. I remember seeing some test to 
see if a file exists (-f operator?). You could parse the URL's path to
infer the physical directory and check to see if an .htaccess file
exists there, and redirect appropriately to the SSL virtual server.

Off the top of my head, a  problem you might encounter is that you'd 
only have access to the virtual path (the URL's path), and not to the 
filesystem path, so you'd have to be very careful to take possible 
aliases into account.

OTOH, if I had that need, I'd probably do something in a mod_perl 
handler (not a content handler, probably in an auth or access handler)
because I'd have full access to the Apache API.

Cheers...   MZ

 -Original Message-
 From: John W. Sopko Jr. [mailto:[EMAIL PROTECTED]]
 Sent: Monday, February 04, 2002 10:49
 To: [EMAIL PROTECTED]
 Subject: http to https redirect configuration question
 
 
 I am having a difficult time solving the following: I want our
 apache non-secure http:// server to redirect to the secure
 https:// server whenever the non-secure server encounters a
 .htaccess file in any directory? I do not want to redirect entire
 directories or the server itself, only those that contain a
 .htaccess file.
 
 The standard apache Redirect or RedirctMatch cannot do this
 because the .htaccess file is not typically specified by the
 user. You run into a looping problem if you specify a redirect
 in the .htaccess file itself.
 
 I was hoping there is some switch at the server level to do this.
 I of course searched all the docs and mailing archives for
 a solution. There is a solution using javascript in the index.html
 file that can do a redirect but this would have to be placed
 in everyone's .index file and there is no guarantee users will
 do this. 
 
 Any solutions would be appreciated. Thanks.
 
 -- 
 John W. Sopko Jr.   University of North Carolina
 email: [EMAIL PROTECTED] Computer Science Dept., CB 3175
 Phone: 919-962-1844 Sitterson Hall; Room 135
 Fax:   919-962-1799 Chapel Hill, NC 27599-3175
 __
 Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 User Support Mailing List  [EMAIL PROTECTED]
 Automated List Manager[EMAIL PROTECTED]
 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: message headers

[Toomas Aas]

Hi Eduardo!

On  4 Feb 02 at 12:12 you wrote:

 Can this list implement a default header in the subject of all messages that
 reads like [modssl-users]  and THEN the subject?

I prefer it the way it is.

 I'm spending enough time sorting my mail box out already.

Why? Most modern mail clients let you sort the incoming mail into 
folders automatically.
--
Toomas Aas | [EMAIL PROTECTED] | http://www.raad.tartu.ee/~toomas/
* I think, therefore I am overqualified.

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

RE: ssl no response

[Aodhan H]

 Alright, I've managed to establish an ssl conenction, but the session
hangs begore presenting me with a login prompt. I get an insecure prompt
to the directory in question if I use port 80.

 This is the portion of the log from ssl_engine_log during the
negotiation. Using Opera 6.x the connection hangs. Using IE 5.x it asks me
to select a certificate, and lists none for me to use. Can someone
describe what is happening?

 VirtualHost ssl.domain.net:443 
 SSLEngine on
 SSLCipherSuite
ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 SSLCertificateFile /usr/local/apache/conf/ssl.crt/server.crt
 SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/server.key


 ServerAdmin [EMAIL PROTECTED]
 DocumentRoot /www//ssl
 ServerName domain.net
 ErrorLog logs/443error_log
 CustomLog logs/443access_log common
 ScriptAlias /cgi-bin/ /usr/local/apache/cgi-bin/
 Group users
 Directory /www//ssl
AuthName ssl
AuthType Basic
AuthUserFile auth/.htpasswd
Require user aodhan
SSLVerifyClient require
SSLVerifyDepth 1
SSLRequireSSL
 /Directory

 /VirtualHost


 tail -f logs/ssl_engine_log
[04/Feb/2002 09:44:06 13354] [info]  Initial (No.1) HTTPS request received
for child 5 (server domain.net:443)
[04/Feb/2002 09:44:06 13354] [info]  Requesting connection re-negotiation
[04/Feb/2002 09:44:06 13354] [info]  Awaiting re-negotiation handshake
[04/Feb/2002 09:44:06 13354] [error] Re-negotiation handshake failed: Not
accepted by client!?
[04/Feb/2002 09:44:06 13354] [error] SSL error on writing data (OpenSSL
library error follows)
[04/Feb/2002 09:44:06 13354] [error] OpenSSL: error:140890C7:SSL
routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate
[Hint: No CAs known to server for verification?]
[04/Feb/2002 09:44:06 13354] [info]  Connection to child 5 closed with
standard shutdown (server domain.net:443, client 66.35.239.94)
[04/Feb/2002 09:44:07 13353] [info]  Connection to child 4 established
(server terran.net:443, client 66.35.239.94)
[04/Feb/2002 09:44:07 13353] [info]  Seeding PRNG with 1160 bytes of
entropy
[04/Feb/2002 09:44:07 13353] [info]  Connection: Client IP: 66.35.239.94,
Protocol: SSLv3, Cipher: RC4-SHA (128/128 bits)
[04/Feb/2002 09:48:38 13353] [info]  Connection to child 4 closed with
standard shutdown (server domain.net:443, client 66.35.239.94)

-- 


   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Aodhan H.

-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -
   Ad Astra per Aspera
  A Rough Road Leads To The Stars
-   -   -   -   -   -   -   -   -   -   -   -   -   -   -   -

 Freedom is something you have, not something you're given.

   =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

ssl virtual host IP's

[Sir SoilentG_kov]

I've been looking thru the mod_ssl users archives and have learned that I
can't do SSL on Virtual Hosts that are name based.  I've seen that it is
possible to use it on Virtual Hosts with IP based.

Are these IP based hosts separate computers or can they be Virtual IP's
all pointing to the same computer?  What I want to do is have two domain
names routed to my Linux Web Server and have them both have separate certs.
However, I have no clue how I'd go about setting up two IP's that point to
the same box... doesn't make sense to me so I'm guessing it's not
possible... but would love it if it does.

thanks for bearing with me,

Jeff

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: message headers

[NickM]

No way, thats something that problems me also.  Not every emailer has 
filtering, esp web email.  Also it is standard practice to have a small key in 
the subject for visually filtering what's what.

It doesnt have to be big, something like [modu], and would not invade those 
with filters but allow those without or not using them to have something of use.

Thanks, Nick


Quoting Toomas Aas [EMAIL PROTECTED]:

 Hi Eduardo!
 
 On  4 Feb 02 at 12:12 you wrote:
 
  Can this list implement a default header in the subject of all
 messages that
  reads like [modssl-users]  and THEN the subject?
 
 I prefer it the way it is.
 
  I'm spending enough time sorting my mail box out already.
 
 Why? Most modern mail clients let you sort the incoming mail into 
 folders automatically.



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: message headers

[R. DuFresne]

filter on this:  To: [EMAIL PROTECTED]


Thanks,

Ron DuFresne

On Tue, 5 Feb 2002, NickM wrote:

 No way, thats something that problems me also.  Not every emailer has 
 filtering, esp web email.  Also it is standard practice to have a small key in 
 the subject for visually filtering what's what.
 
 It doesnt have to be big, something like [modu], and would not invade those 
 with filters but allow those without or not using them to have something of use.
 
 Thanks, Nick
 
 
 Quoting Toomas Aas [EMAIL PROTECTED]:
 
  Hi Eduardo!
  
  On  4 Feb 02 at 12:12 you wrote:
  
   Can this list implement a default header in the subject of all
  messages that
   reads like [modssl-users]  and THEN the subject?
  
  I prefer it the way it is.
  
   I'm spending enough time sorting my mail box out already.
  
  Why? Most modern mail clients let you sort the incoming mail into 
  folders automatically.
 
 
 
 __
 Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 User Support Mailing List  [EMAIL PROTECTED]
 Automated List Manager[EMAIL PROTECTED]
 

-- 
~~
admin  senior security consultant:  sysinfo.com
http://sysinfo.com

Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
-- Johnny Hart

testing, only testing, and damn good at it too!

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Connection hangs when using SSL

[Ken Tune]

Title: Connection hangs when using SSL





I'm trying to get Apache up and running on WinNT, with SSL


I'm using 


Apache/1.3.19 (Win32) 
mod_ssl/2.8.3 
OpenSSL/0.9.6a 


My Apache config is as follows ...


SSLMutex sem
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
SSLSessionCache none


SSLLog logs/SSL.log
SSLLogLevel debug


VirtualHost MY_HOST:443
 ServerName MY_HOST
 SSLEngine on
 SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL


 SSLCertificateFile D:/apache/ssl/my-server.cert
 SSLCertificateKeyFile D:/apache/ssl/my-server.key


 SetEnvIf User-Agent .*MSIE.* \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
  CustomLog logs/ssl_request_log combined
/VirtualHost


My problem is that when I issue https://MY_HOST through the browser the browser simply hangs - there's no response from apache.

If I try and connect to 443 directly using openssl I get


$ openssl s_client -connect MY_HOST:443 -state -debug
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 0A01ED48 [0A01F788] (130 bytes = 130 (0x82))
 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00 ..W... .
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05 .f..
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00 
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00 .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14 `...@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02 
0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15 ..F.v.*c..r%w..
0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed wF.i. ..}{.
0080 - b6 1c ..
SSL_connect:SSLv2/v3 write client hello A


... and nothing more.


I've tried using the -ssl2 and -ssl3 flags, but get the same result.


I've tried connecting using telnet and trying to speak http to the port and that doesn't work so that's not the issue.


Furthermore, when I try and connect I get an entry in my ssl.log ...


[04/Feb/2002 17:01:01 00193] [info] Connection to child 4 established (server MY_HOST:443, client MY_IP)


Any suggestions gratefully received


Regards


Ken Tune

Re: Connection hangs when using SSL

[suchit mishra]

Please refer to this tutorial. 

http://tud.at/programm/apache-ssl-win32-howto.php3

I got it working yesterday doing as it says. 

Try starting Apache as a service by typing
apache -i from command prompt and see if it throws any
error messages.

I had the same setup as yours.

Suchit
--- Ken Tune [EMAIL PROTECTED] wrote:
 I'm trying to get Apache up and running on WinNT,
 with SSL
 
 I'm using 
 
 Apache/1.3.19 (Win32) 
 mod_ssl/2.8.3 
 OpenSSL/0.9.6a 
 
 My Apache config is as follows ...
 
 SSLMutex sem
 SSLRandomSeed startup builtin
 SSLRandomSeed connect builtin
 SSLSessionCache none
 
 SSLLog logs/SSL.log
 SSLLogLevel debug
 
 VirtualHost MY_HOST:443
   ServerName MY_HOST
   SSLEngine on
   SSLCipherSuite

ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
   SSLCertificateFile D:/apache/ssl/my-server.cert
   SSLCertificateKeyFile D:/apache/ssl/my-server.key
 
   SetEnvIf User-Agent .*MSIE.* \
  nokeepalive ssl-unclean-shutdown \
  downgrade-1.0 force-response-1.0
   CustomLog logs/ssl_request_log combined
 /VirtualHost
 
 My problem is that when I issue https://MY_HOST
 through the browser the
 browser simply hangs  - there's no response from
 apache.
 
 If I try and connect to 443 directly using openssl I
 get
 
 $ openssl s_client  -connect  MY_HOST:443 -state
 -debug
 CONNECTED(0003)
 SSL_connect:before/connect initialization
 write to 0A01ED48 [0A01F788] (130 bytes = 130
 (0x82))
  - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00
 00   ..W... .
 0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00
 05   .f..
 0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80
 00   
 0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00
 00   .e..d..c..b..a..
 0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00
 14   `...@...
 0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80
 02   
 0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c
 15   ..F.v.*c..r%w..
 0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db
 ed   wF.i. ..}{.
 0080 - b6 1c
 ..
 SSL_connect:SSLv2/v3 write client hello A
 
 ... and nothing more.
 
 I've tried using the -ssl2 and -ssl3 flags, but get
 the same result.
 
 I've tried connecting using telnet and trying to
 speak http to the port and
 that doesn't work so that's not the issue.
 
 Furthermore, when I try and connect I get an entry
 in my ssl.log ...
 
 [04/Feb/2002 17:01:01 00193] [info]  Connection to
 child 4 established
 (server MY_HOST:443, client MY_IP)
 
 Any suggestions gratefully received
 
 Regards
 
 Ken Tune
 
 


__
Do You Yahoo!?
Send FREE Valentine eCards with Yahoo! Greetings!
http://greetings.yahoo.com
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: message headers

[NickM]

As just said, I do not have filtering!!

The list is not high traffic enough to concern me terribly, but would be nice.


Quoting R. DuFresne [EMAIL PROTECTED]:

 filter on this:  To: [EMAIL PROTECTED]
 
 
 Thanks,
 
 Ron DuFresne
 
 On Tue, 5 Feb 2002, NickM wrote:
 
  No way, thats something that problems me also.  Not every emailer has
 
  filtering, esp web email.  Also it is standard practice to have a
 small key in 
  the subject for visually filtering what's what.
  
  It doesnt have to be big, something like [modu], and would not invade
 those 
  with filters but allow those without or not using them to have
 something of use.
  
  Thanks, Nick



__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

Re: message headers

[R. DuFresne]

Thats a shortcoming on your part though, a proper mail reader can
accomplish this chore.

Thanks,

Ron DuFresne

On Tue, 5 Feb 2002, NickM wrote:

 As just said, I do not have filtering!!
 
 The list is not high traffic enough to concern me terribly, but would be nice.
 
 
 Quoting R. DuFresne [EMAIL PROTECTED]:
 
  filter on this:  To: [EMAIL PROTECTED]
  
  
  Thanks,
  
  Ron DuFresne
  
  On Tue, 5 Feb 2002, NickM wrote:
  
   No way, thats something that problems me also.  Not every emailer has
  
   filtering, esp web email.  Also it is standard practice to have a
  small key in 
   the subject for visually filtering what's what.
   
   It doesnt have to be big, something like [modu], and would not invade
  those 
   with filters but allow those without or not using them to have
  something of use.
   
   Thanks, Nick
 
 
 
 __
 Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
 User Support Mailing List  [EMAIL PROTECTED]
 Automated List Manager[EMAIL PROTECTED]
 

-- 
~~
admin  senior security consultant:  sysinfo.com
http://sysinfo.com

Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation.
-- Johnny Hart

testing, only testing, and damn good at it too!

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]

AW: Connection hangs when using SSL

[Michael . Straessle]

habe you set

Listen 443

in your conf?

-Ursprungliche Nachricht-
Von: Ken Tune [mailto:[EMAIL PROTECTED]]
Gesendet: Montag, 4. Februar 2002 19:03
An: '[EMAIL PROTECTED]'
Betreff: Connection hangs when using SSL


I'm trying to get Apache up and running on WinNT, with SSL 
I'm using 
Apache/1.3.19 (Win32) 
mod_ssl/2.8.3 
OpenSSL/0.9.6a 
My Apache config is as follows ... 
SSLMutex sem 
SSLRandomSeed startup builtin 
SSLRandomSeed connect builtin 
SSLSessionCache none 
SSLLog logs/SSL.log 
SSLLogLevel debug 
VirtualHost MY_HOST:443 
ServerName MY_HOST 
SSLEngine on 
SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL 
SSLCertificateFile D:/apache/ssl/my-server.cert 
SSLCertificateKeyFile D:/apache/ssl/my-server.key 
SetEnvIf User-Agent .*MSIE.* \ 
 nokeepalive ssl-unclean-shutdown \ 
 downgrade-1.0 force-response-1.0 
CustomLog logs/ssl_request_log combined 
/VirtualHost 
My problem is that when I issue https://MY_HOST through the browser the
browser simply hangs  - there's no response from apache.
If I try and connect to 443 directly using openssl I get 
$ openssl s_client  -connect  MY_HOST:443 -state -debug 
CONNECTED(0003) 
SSL_connect:before/connect initialization 
write to 0A01ED48 [0A01F788] (130 bytes = 130 (0x82)) 
 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ..W... . 
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .f.. 
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00    
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a.. 
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...@... 
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02    
0060 - 00 80 46 fe 76 0c 2a 63-8a 04 72 25 77 e3 3c 15   ..F.v.*c..r%w.. 
0070 - 22 77 46 a4 69 b9 20 85-03 7d 7b ad 85 b9 db ed   wF.i. ..}{. 
0080 - b6 1c .. 
SSL_connect:SSLv2/v3 write client hello A 
... and nothing more. 
I've tried using the -ssl2 and -ssl3 flags, but get the same result. 
I've tried connecting using telnet and trying to speak http to the port and
that doesn't work so that's not the issue. 
Furthermore, when I try and connect I get an entry in my ssl.log ... 
[04/Feb/2002 17:01:01 00193] [info]  Connection to child 4 established
(server MY_HOST:443, client MY_IP) 
Any suggestions gratefully received 
Regards 
Ken Tune 
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]