[no subject]

2002-03-07 Thread Chris Cooper



- - - - - -
Chris Cooper  [EMAIL PROTECTED]
Student Service Centre   [EMAIL PROTECTED]
Edith Cowan University   http://www.ecu.edu.au/
Pearson Street  Tel:  +61 8 9273 8652
Churchlands   Fax: +61 8 9273 8000
- - - - - -

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: .htaccess not processed with client authentication

2002-03-07 Thread Mads Toftum

On Fri, Mar 08, 2002 at 09:46:42AM +0800, Angus Lee wrote:
> Hi,
> 
> > Try to put all these directives in httpd.conf file and
> > also try to put the SSLRequire directive as follows
> 
> But I want each user to set their client authentication access control to their directory.
> 
> Is there any bug with previous versions of mod_ssl which would make client authentication fail?
> 
Not in any of the recent versions ... but since you seem to be wanting
.htaccess (I missed the beginning of this question) - have you made sure
that AllowOverride allows the usage of .htaccess within those directories?
http://httpd.apache.org/docs/mod/core.html#allowoverride

vh

Mads Toftum
-- 
With a rubber duck, one's never alone.
  -- "The Hitchhiker's Guide to the Galaxy"



RE: Job openings

2002-03-07 Thread Paul G. Weiss



OK, well that's what I call putting your foot in your mouth!  Apologies to all.
-P



Re: Job openings

2002-03-07 Thread Mark J. Matheson


"Paul G. Weiss" wrote:
  


> > contact me directly at [EMAIL PROTECTED] I might be able to help
> > Mark
>
> Thank you for sharing that with the group.
> -P

sorry, too fast on the trigger
 




RE: Job openings

2002-03-07 Thread Paul G. Weiss



 

> contact me directly at [EMAIL PROTECTED] I might be able to help
> Mark

Thank you for sharing that with the group.
-P


Re: Job openings

2002-03-07 Thread Mark J. Matheson


avijeet banerjee wrote:

 
 
 
 We have a requirement for a developer(senior) in a  large
software development organization. The person should have expertise in
C , apache mods , Oracle Pl/sql and java/jsp experience would be an added
advantage.Please send resumes ASAP.thanks
Avijeet
 
 
 
 
 
 
 
 

contact me directly at [EMAIL PROTECTED] I might be able to help
Mark
 




Re: .htaccess not processed with client authentication

2002-03-07 Thread Angus Lee

Hi,

> Try to put all these directives in httpd.conf file and
> also try to put the SSLRequire directive as follows

But I want each user to set their client authentication access control to their directory.

Is there any bug with previous versions of mod_ssl which would make client authentication fail?

Angus Lee



Job openings

2002-03-07 Thread avijeet banerjee




We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.
Please send resumes ASAP.
thanks

Avijeet

 

 


Avijeet Banerjee 









Re: mod_ssl

2002-03-07 Thread avijeet banerjee

We have a requirement for a developer(senior) in a  large software development organization. The person should have expertise in C , apache mods , Oracle Pl/sql and java/jsp experience would be an added advantage.
Please send resumes ASAP.
thanks
Avijeet
 
 
Avijeet Banerjee 



>From: "Patrick Willart" <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED] 
>To: "cesar" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
>Subject: Re: mod_ssl 
>Date: Thu, 7 Mar 2002 13:34:41 -0800 
> 
>Hi Cesar, 
> 
>Mod_ssl isn't the problem It works fine. But when you also add JSP 
>functionality (tomcat / WARP), the server becomes instable. It appears to be 
>crashing when multiple requests for one or more JSPs are send to the server 
>at the same time. 
> 
>Apache+mod_ssl works ok 
>Apache+tomcat works ok 
> 
>but 
> 
>Apache+mod_ssl+tomcat works but is very instable. 
> 
>I actually changed to iPlanet ($ 1500) because of this. 
> 
>Apache 2.0 will have SSL integrated. Maybe the problem will be solved 
>then... Personally I have good feelings about this because the way threading 
>is handled is completely revised. 
> 
>Are you only getting an error message in the log and does everything work? 
>Or doesn't it... 
> 
>Patrick 
>- Original Message - 
>From: "cesar" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Thursday, March 07, 2002 12:39 PM 
>Subject: mod_ssl 
> 
> 
> > Hello Patrick 
> > 
> > I have a problem with apache+mod_ssl, when i execute any pages .jsp in 
> > my web server(windows 2000) i receive this error log: 
> > 
> > You are using mod_ssl under Win32. This combination is *NOT* officially 
> > supported. Use it at your own risk! 
> > 
> > What is this?? 
> > Is there a version stable of the apache+ssl for windows? 
> > 
> > Tks. 
> > 
> > Cesar 
> > 


Re: IE browser does not disply proper error message if the certificate is expired

2002-03-07 Thread Ron Ridley

I posted a couple weeks back on the same problem.  I had also tried setting specific ErrorDocument directives in my httpd.conf, but it didn't work.  From what I can tell is that since the default errors are written into the apache/mod_ssl code to display errors in http not https and when all traffic from my site is forced through https (certificate required) you get a "page cannot be displayed" error.

Looking around newsgroup archives the only suggestion I found was to prompt for a cert and add logic to your web app to allow access only if the proper credentials were set as environment variables.  Unfortunately not everyone has their site set up with that much flexibility (mine for instance).

I challenge those of you knowledgeable in the intricacies of mod_ssl to explain why error messages don't display and a feasible workaround (preferably using mod_ssl verification).

On 07 Mar 2002 13:50 CST you wrote:

> Any help from anyone?
> I need this desperately.
> Sincerely
> Shiva
> 
> 
> 
> --- Shiva Murugesan <[EMAIL PROTECTED]> wrote:
> > Many thanks jon.  The problem occurs in 5.5 and 6.0 as well.
> > I have tried unchecking the "Show friendly error message", still it is
> > not displaying the correct SSL message.  After unchecking, it started
> > asking twice to present the client certificate. After presenting the
> > client certificate for the second time, it displays the standard error
> > message.
> > 
> > Ta 
> > Shiva
> > 
> > --- jon schatz <[EMAIL PROTECTED]> wrote:
> > > On Mon, 2002-03-04 at 15:50, jon schatz wrote:
> > > > if you uncheck "Tools -> Internet Options -> Advanced -> Show Friendly
> > > > HTTP error messages", you can get more useful info. Unfortunately, the
> > > > default is to show the same error message for everything. You'll have to
> > > > change this by hand on your end users' machines (or write an ActiveX
> > > > control to do it for you).
> > > 
> > > oops. this is on ie 5.5/6.0. i can't speak for ie 5.0 personally. so
> > > ymmv.
> > > 
> > > -jon
> > > 
> > > -- 
> > > [EMAIL PROTECTED] || www.divisionbyzero.com
> > > gpg key: www.divisionbyzero.com/pubkey.asc
> > > think i have a virus?: www.divisionbyzero.com/pgp.html
> > > "You are in a twisty little maze of Sendmail rules, all confusing."



RE: SSL Hardware acceleration questions . . .

2002-03-07 Thread lgazis

Fairly easy.  For those hardware accelerators which are supported by the
OpenSSL engine version, all you need to do is to compile modSSL with the
engine version of OpenSSL (present as a separate version of OpenSSL from
OpenSSL 0.9.6 on), and include a line in httpd.conf setting SSLCryptoDevice
to the engine you wish to use.

I've set this up on Solaris, HP UX, AIX, Linux, and FreeBSD.

Lynn Gazis

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 07, 2002 9:37 AM
To: [EMAIL PROTECTED]
Subject: SSL Hardware acceleration questions . . .



Dear all,
 Has anyone had any experience with hardware acceleration?
specifically:

How easy is it to get MOD_SSL to be configured with hardware SSL cards (any
cards to avoid/recommend).
We have Sun hardware (so Sun/Sonicwall ?)

Does anything need to be recompiled? which versions of OpenSSL are
supported etc.
Any specific experiences with iAS would be excellent.

What are the performance advantages?
Anything to watch out for?

TIA
Mikey









[BugDB] HTTPS doesn't work (PR#669)

2002-03-07 Thread modssl-bugdb

Full_Name: Carmen Shinzato
Version: 2.8.7
OS: Solaris 2.7
Submission from: (NULL) (161.196.99.99)


We have installed Apache 1.3.23 with Openssl 0.9.6b and mod_ssl 2.8.7, The HTTP
protocol works well at port 8003 but the HTTPS doesn't work at port 8443, the
error is: access denied to www.movilnet.com.ve:8443. 

For testing the HTTPS protocol we did the following:

openssl-0.9.6b/apps/openssl s_client -connect localhost:8443 -state -debug

And the result was:

warning, not much extra random data, consider using the -rand option
CONNECTED(0003)
SSL_connect:before/connect initialization
write to 00156490 [00158608] (130 bytes => 130 (0x82))
 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ..W... .
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 07 00 00 05   .f..
0020 - 00 00 04 05 00 80 03 00-80 01 00 80 08 00 80 00   
0030 - 00 65 00 00 64 00 00 63-00 00 62 00 00 61 00 00   .e..d..c..b..a..
0040 - 60 00 00 15 00 00 12 00-00 09 06 00 40 00 00 14   `...@...
0050 - 00 00 11 00 00 08 00 00-06 00 00 03 04 00 80 02   
0060 - 00 80 bf d6 ab 1b 5d 34-56 45 03 7f c1 8c 77 9a   ..]4VEw.
0070 - bd 05 db 04 f0 13 17 e0-66 55 cd 9d a2 d9 c6 6c   fU.l
0080 - b4 df ..
SSL_connect:SSLv2/v3 write client hello A
read from 00156490 [0015DB68] (7 bytes => 7 (0x7))
 - 3c 21 44 4f 43 54 59  
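
The -debug dump in the report above can be read mechanically: the 7 bytes the server sent back, 3c 21 44 4f 43 54 59, are the ASCII text "<!DOCTY", the start of an HTML page rather than an SSL/TLS record. The Python below is an added example, not part of the original report or of mod_ssl/OpenSSL; the function names are made up for illustration and the sample dump is a shortened copy of the one quoted above.

```python
import re

# Constructed sample: the s_client -debug output quoted above, with the
# client hello shortened to its first dump line.
SAMPLE = """\
write to 00156490 [00158608] (130 bytes => 130 (0x82))
 - 80 80 01 03 01 00 57 00-00 00 20 00 00 16 00 00   ..W... .
SSL_connect:SSLv2/v3 write client hello A
read from 00156490 [0015DB68] (7 bytes => 7 (0x7))
 - 3c 21 44 4f 43 54 59
"""

# "read from <bio> [<buf>] (N bytes => M (0x..))" / "write to ..."
HEADER = re.compile(r"^(read from|write to) \S+ \[\S+\] \(\d+ bytes => -?\d+")
# "0010 - 13 00 00 0a 07 00 c0 00-00 66 ...   ascii"; the offset may be missing
# in archived copies, and a '-' separates the 8th and 9th byte.
DUMP = re.compile(
    r"^\s*(?:[0-9a-fA-F]{4}\s)?\s*-\s+((?:[0-9a-fA-F]{2}[ -])*[0-9a-fA-F]{2})"
)


def parse_debug(text):
    """Return [(direction, bytes), ...] for every read/write in the dump."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append([m.group(1).split()[0], bytearray()])
            continue
        m = DUMP.match(line)
        if m and records:
            records[-1][1] += bytes.fromhex(m.group(1).replace("-", " "))
    return [(direction, bytes(data)) for direction, data in records]


def classify_first_reply(data):
    """Say what kind of peer produced the first bytes after a client hello."""
    if not data:
        return "no-data"
    if len(data) >= 2 and data[0] == 0x16 and data[1] == 0x03:
        return "tls-handshake"        # SSLv3/TLS handshake record
    if len(data) >= 2 and data[0] == 0x15 and data[1] == 0x03:
        return "tls-alert"            # SSLv3/TLS alert record
    if len(data) >= 3 and data[0] & 0x80 and data[2] == 0x04:
        return "sslv2-server-hello"   # 2-byte SSLv2 header, message type 4
    text = data.decode("ascii", errors="replace")
    if text.startswith("HTTP/") or text.lstrip().startswith("<"):
        return "plaintext-http"       # peer answered in clear text, not SSL
    return "unknown"


def diagnose(text):
    """Classify the first 'read' in a dump and return (verdict, ascii preview)."""
    for direction, data in parse_debug(text):
        if direction == "read":
            preview = "".join(chr(b) if 32 <= b < 127 else "." for b in data[:32])
            return classify_first_reply(data), preview
    return "no-read", ""


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

A "plaintext-http" verdict means whatever is listening on that port answered the client hello with ordinary HTTP, so the SSL configuration for that listener is the first thing to check.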


SSL Hardware acceleration questions . . .

2002-03-07 Thread mike . innes


Dear all,
 Has anyone had any experience with hardware acceleration?
specifically:

How easy is it to get MOD_SSL to be configured with hardware SSL cards (any
cards to avoid/recommend).
We have Sun hardware (so Sun/Sonicwall ?)

Does anything need to be recompiled? which versions of OpenSSL are
supported etc.
Any specific experiences with iAS would be excellent.

What are the performance advantages?
Anything to watch out for?

TIA
Mikey









Re: mod_ssl

2002-03-07 Thread Patrick Willart

Hi Cesar,

Mod_ssl isn't the problem. It works fine. But when you also add JSP
functionality (tomcat / WARP), the server becomes instable. It appears to be
crashing when multiple requests for one or more JSPs are sent to the server
at the same time.

Apache+mod_ssl works ok
Apache+tomcat works ok

but

Apache+mod_ssl+tomcat works but is very instable.

I actually changed to iPlanet ($ 1500) because of this.

Apache 2.0 will have SSL integrated. Maybe the problem will be solved
then... Personally I have good feelings about this because the way threading
is handled is completely revised.

Are you only getting an error message in the log and does everything work?
Or doesn't it...

Patrick
- Original Message -
From: "cesar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, March 07, 2002 12:39 PM
Subject: mod_ssl


> Hello Patrick
>
> I have a problem with apache+mod_ssl, when i execute any pages .jsp in
> my web server(windows 2000)  i receive this error log:
>
> You are using mod_ssl under Win32. This combination is *NOT* officially
> supported. Use it at your own risk!
>
> What is this??
> Is there a version stable of the apache+ssl for windows?
>
> Tks.
>
> Cesar
>





SSL Cert info

2002-03-07 Thread Brian Rectanus

Hello,
  I am looking for info on what risk is involved in a 40 bit SSL cert vs a 128 bit 
cert.  When should one use a 128 bit cert over a 40 bit cert?  If someone could please 
point me to some reliable info on this, I would appreciate it.

Thanks,
-Brian



Re[2]: MSIE broken SSL implementation - problems with mod_ssl / openssl

2002-03-07 Thread Christopher Taranto

Hi Carl,

Unfortunately, I have had no luck in tracking down or fixing this 
problem.  And it's really a big problem in my opinion.  I haven't had 
enough time to really dig deep on the using openssl to debug the connection 
- but I don't really know what I would be looking for 
specifically.  Fortunately (I guess otherwise I would have a special bald 
spot on my head!), I have access to a broken MSIE browser available in my 
office that I can use to repeatedly test the server for errors - so there 
is a way of trying to find the problem.

Here is what I have tried:

openssl s_server -accept 4443 -WWW -cert /usr/local/apache/conf/ssl.crt/www.condoms.net.crt -key /usr/local/apache/conf/ssl.key/www.condoms.net.key -state -debug

When I use this, I get this:

Using default temp DH parameters
ACCEPT

and the system waits for me forever - and I am not sure what to put in.

openssl s_client -connect condoms.net:443

CONNECTED(0003)
depth=0 /C=US/ST=California/L=San Francisco/O=Condom 
Sense/OU=DN/CN=www.condoms.net
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 /C=US/ST=California/L=San Francisco/O=Condom 
Sense/OU=DN/CN=www.condoms.net
verify error:num=27:certificate not trusted
verify return:1
depth=0 /C=US/ST=California/L=San Francisco/O=Condom 
Sense/OU=DN/CN=www.condoms.net
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
  0 s:/C=US/ST=California/L=San Francisco/O=Condom 
Sense/OU=DN/CN=www.condoms.net
i:/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
Server certificate
subject=/C=US/ST=California/L=San Francisco/O=Condom 
Sense/OU=DN/CN=www.condoms.net
issuer=/C=US/O=RSA Data Security, Inc./OU=Secure Server Certification Authority
---
No client certificate CA names sent
---
SSL handshake has read 1539 bytes and written 314 bytes
---
New, TLSv1/SSLv3, Cipher is EDH-RSA-DES-CBC3-SHA
Server public key is 1024 bit
SSL-Session:
 Protocol  : TLSv1
 Cipher: EDH-RSA-DES-CBC3-SHA
 Session-ID: 
2917B720C36856CC4B2CB63951F9502C449D28905F5856BF2418AA916E74
 Session-ID-ctx:
 Master-Key: 
8DB2F877627C8AEE402DBC388F9ACB72C397637E70C87D43AFD7735E2949827C4AAFA6903D88BA7F3B99AFBFAD5BECE4
 Key-Arg   : None
 Start Time: 1015525852
 Timeout   : 300 (sec)
 Verify return code: 21 (unable to verify the first certificate)
---

 >>Seems like Microsoft deliberately put some broken SSL implementation in

Seems pretty amazing to me that all of the commercial servers that use 
mod_ssl as a base would or wouldn't have this same issue - but I have not 
heard of any problems like this with other apache servers like Raven, 
Stronghold, etc...  Maybe there are problems - but I have not been able to 
find any mention of them.  And, it seems very convenient to MS in light of 
their IIS market share :-)

My server configuration has already been posted in a previous message (let 
me know if you need me to repost it).

Let me know if any of this makes sense to you or if you have any ideas.

Sincerely,

Christopher Taranto






At 10:52 AM 3/6/02 +0100, you wrote:
>Hello,
>
>I read your entries in a newsgroup.
>I am having exactly the same problem, and I don't want to tell my users
>"upgrade your browser, or use netscape".
>
>I wonder whether you finally found a solution to this embarrassing
>problem.
>Seems like Microsoft deliberately put some broken SSL implementation in
>their browser, in order to kill apache / openssl...
>
>Thx
>
>Carl D'Halluin
>Security Engineer.


Re: new rpm for apache-mod_ssl?

2002-03-07 Thread Andrew Lietzow

Dear R. J. Goyette at Argonne National Laboratory,

Just a FYI.  I went to your web site at http://zuul.pns.anl.gov/security/
and clicked on the four Links under Destinations.  Nothing happens.  No
propellers; no hour glass; no meter filling up on the browser-wowser.  Is it
possible that I have something hosed up on my end or are you intending that
these links be that secure?

Now, for my main question, about your posted CERT RISK statement, to wit:
-
RE:>> VULNERABILITY ASSESSMENT:  The risk is MEDIUM. To exploit the
overflow, the server must be configured to allow client certificates, and an
attacker must obtain a carefully crafted client certificate that has been
signed by a Certificate Authority (CA) which is trusted by the server.
-
Recently, I miraculously got mod_ssl working with apache in something less
than a day (with the secure server being hosted by a new second server which
was my first experience installing SuSE Linux).  I thought that to be
something just short of a miracle, considering the level of investment that
was made.  And, I have not even scratched the scratch of what is available
under the hood for additional features with mod_ssl.

However, just prior to this successful effort, I spent the better part of
two days figuring out why I could not telnet or ftp to one of my servers,
only to discover that it was because my firewall was so tight that it
wouldn't let telnet or ftp packets through.

I know that viruses, and those who continue to manufacture them, are at an
all time high.  And, I know that Governor Tom Rich and the Homeland Security
folks need to have a big chunk of their budget devoted to catching these
rascals; and then for the snacks and sandwiches required to feed the large
crowds that will gather at various sites around the country to see these
scoundrels hanged...

Yet in light of this reality, is the above statement of risk informing
smaller web server providers that we need to pay great homage to this
seemingly remote possibility, or risk being forever in a state of turmoil?
I really want to learn more about mod_ssl on this list, but if this is
necessary, then ...

Please open my eyes...

Andrew Lietzow
The ACL Group, Inc.











new rpm for apache-mod_ssl?

2002-03-07 Thread Rick Goyette

I am running apache-mod_ssl-1.3.20.2.8.4-2, and I like it very much.  It
is a complete package of apache and ssl, and, as it was packaged into a
RedHat rpm,  was easy to install.  However, the recent security advisory
concerning the buffer overflow in mod_ssl  (appended below) demonstrates
my need for an update.  I am unable to locate an rpm which corrects this
problem.   Is there another way to correct this, short of uninstalling
apache-mod_ssl and then installing apache-1.3.23 and
mod_ssl-2.8.7-1.3.23 separately?

INFORMATION BULLETIN
mod_ssl and Apache_SSL Modules Contain a Buffer Overflow
[CERT Vulnerability Note VU#234971]
March 6, 2002 00:00 GMT                              Number M-053

__
PROBLEM:   There is a remotely exploitable buffer overflow in two modules
           that implement the Secure Sockets Layer (SSL) and Transport
           Layer Security (TLS) protocol.
PLATFORM:  mod_ssl in all versions prior to 2.8.7-1.3.23.
           Apache-SSL in all versions prior to 1.3.22+1.4.6.
DAMAGE:    An attacker may be able to execute arbitrary code on the
           system with the privileges of the ssl module.
SOLUTION:  Upgrade to mod_ssl 2.8.7 or Apache_SSL 1.3.22+1.46, or apply
           the patch provided by your vendor.

__
VULNERABILITY ASSESSMENT:  The risk is MEDIUM. To exploit the overflow,
           the server must be configured to allow client certificates,
           and an attacker must obtain a carefully crafted client
           certificate that has been signed by a Certificate Authority
           (CA) which is trusted by the server.

--
R. J. Goyette
Argonne National Laboratory
[EMAIL PROTECTED]

http://www.pns.anl.gov




Re: IE browser does not disply proper error message if the certificate is expired

2002-03-07 Thread Shiva Murugesan

Any help from anyone?
I need this desperately.
Sincerely
Shiva



--- Shiva Murugesan <[EMAIL PROTECTED]> wrote:
> Many thanks jon.  The problem occurs in 5.5 and 6.0
> as
> well.  
> I have tried unchecking the "Show friendly error
> message", still it is not displaying the correct SSL
> message.  After unchecking, it started asking twice
> to
> present the client certificate. After presenting the
> client certificate for the second time, it displays
> the standard error message.
> 
> Ta 
> Shiva
> 
> 
> 
> --- jon schatz <[EMAIL PROTECTED]> wrote:
> > On Mon, 2002-03-04 at 15:50, jon schatz wrote:
> > > if you uncheck "Tools -> Internet Options ->
> > Advanced -> Show Friendly
> > > HTTP error messages", you can get more useful
> > info. Unfortunately, the
> > > default is to show the same error message for
> > everything. You'll have to
> > > change this by hand on your end users' machines
> > (or write an ActiveX
> > > control to do it for you).
> > 
> > oops. this is on ie 5.5/6.0. i can't speak for ie
> > 5.0 personally. so
> > ymmv.
> > 
> > -jon
> > 
> > -- 
> > [EMAIL PROTECTED] || www.divisionbyzero.com
> > gpg key: www.divisionbyzero.com/pubkey.asc
> > think i have a virus?:
> > www.divisionbyzero.com/pgp.html
> > "You are in a twisty little maze of Sendmail
> rules,
> > all confusing." 
> > 
> 



Re: .htaccess not processed with client authentication

2002-03-07 Thread Shiva Murugesan

Try to put all these directives in httpd.conf file and
 also try to put the SSLRequire directive as follows


SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6"

-- Shiva

--- Angus Lee <[EMAIL PROTECTED]> wrote:
> Hi, list,
> 
> I used .htaccess to add client authentication to
> access a particular directory. However it seems that
> .htaccess is not processed occasionally when http
> request is made to an object in that directory.
> Anything wrong with my configuration?
> 
> SSLRequireSSL
> SSLVerifyClient require
> SSLVerifyDepth 1
> SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6"
> 
> And when request to a file requires client
> authentication, the server would return 'Internal
> Server Problem' after a long run. Is my server
> having too few resources? Please help. Thank you.
> 
> Angus Lee

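The two placements discussed in this thread (rules in httpd.conf, or rules in each user's .htaccess), laid out side by side as an added example that is not part of any poster's message. All paths are placeholders; the directive contexts and the AuthConfig override class are as given in the mod_ssl 2.8 directive reference.

```apache
# Added example for Apache 1.3 + mod_ssl 2.8. Every path is a placeholder.

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile    /path/to/server.crt
    SSLCertificateKeyFile /path/to/server.key

    # CA(s) whose client certificates are accepted. This directive is valid
    # only in server config / virtual host context, so it cannot be moved
    # into .htaccess along with the per-directory rules.
    SSLCACertificateFile  /path/to/client-ca.crt

    # Option A: keep the access rules in httpd.conf.
    <Directory "/path/to/docroot/private">
        SSLRequireSSL
        SSLVerifyClient require
        SSLVerifyDepth  1
        SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6"
    </Directory>

    # Option B: each user keeps the same four directives in a .htaccess
    # file under this tree. They belong to the AuthConfig override class,
    # so that class has to be enabled here for .htaccess to be honoured.
    <Directory "/path/to/docroot/users">
        AllowOverride AuthConfig
    </Directory>
</VirtualHost>
```

With Option B, a tree left at `AllowOverride None` never reads the .htaccess file at all, so the directory is served without the client-certificate check.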


.htaccess not processed with client authentication

2002-03-07 Thread Angus Lee

Hi, list,

I used .htaccess to add client authentication to access a particular directory.
However it seems that .htaccess is not processed occasionally when http request is
made to an object in that directory. Anything wrong with my configuration?

SSLRequireSSL
SSLVerifyClient require
SSLVerifyDepth 1
SSLRequire %{SSL_CLIENT_M_SERIAL} eq "A6"

And when request to a file requires client authentication, the server would return
'Internal Server Problem' after a long run. Is my server having too few resources?
Please help. Thank you.

Angus Lee



How do i start ?

2002-03-07 Thread Amir Abiri



I just recently installed mod_ssl from an rpm, and I wanted to know if there
is some document that explains what I NEED in the httpd.conf file for the
minimum set of functions.
The howto and the reference simply throw a metric ton of information at me,
and I don't understand everything they are saying.
Which directives I must have in the conf file and which are optional?
Which of the  files I should use and where?
-- "God is a programmer".