RE: Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Jose Correia (J)

Have you tried looking in ssl_engine.log?


-Original Message-
From: Paul English [mailto:[EMAIL PROTECTED]]
Sent: 02 September 2002 22:55
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.0.35 - ssl fails silently?



> On Mon, 2 Sep 2002, Paul English wrote:
> 
> > I'm working with a new setup of 2.0.35 under Linux, and having
> 
> First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> release (back in April).  2.0.40 is the current release.


Oops, I guess I should have said "relatively new." It has been up and 
running without any SSL for a few months.

I'm downloading 2.0.40 now, although I think the problem is most likely 
configuration somehow.

Paul

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



RE: Win32 1.3.26 and 2.8.10

2002-09-02 Thread VMaxx

I downloaded the sources and compiled them.
SSL appears to be working to the point that it's making
log files etc.  But it does its handshake and stops
after expecting a 5 byte read.

-Original Message-
From: Vince Montuoro [mailto:[EMAIL PROTECTED]]
Sent: Sunday, September 01, 2002 11:44 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Win32 1.3.26 and 2.8.10



Did you download the install file from modssl.org\contrib page?

If not, go there. Here is a great page to help you install Apache with
modssl:
http://www.serverwatch.com/tutorials/article.php/1437211
and MySQL installation if you're interested:
http://www.serverwatch.com/tutorials/article.php/1441631


Good Luck

Vince

p.s IF YOU GET  AN APPLE IMAC ACCESSING THE SITE EMAIL ME YOUR WORKING
CONFIG PLEASE.



-Original Message-
From: VMaxx [mailto:[EMAIL PROTECTED]]
Sent: Monday, 2 September 2002 12:44 AM
To: [EMAIL PROTECTED]
Subject: Win32 1.3.26 and 2.8.10


I've done all kinds of configuration modifications etc, and it handshakes
but drops immediately after.  It appears that others have been having the
same results.  So I was wondering, has anyone successfully gotten it to work
on Win32?

Thanks
Shane



Re: Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Paul English


> On Mon, 2 Sep 2002, Paul English wrote:
> 
> > I'm working with a new setup of 2.0.35 under Linux, and having
> 
> First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> release (back in April).  2.0.40 is the current release.


Oops, I guess I should have said "relatively new." It has been up and 
running without any SSL for a few months.

I'm downloading 2.0.40 now, although I think the problem is most likely 
configuration somehow.

Paul




Re: Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Cliff Woolley

On Mon, 2 Sep 2002, Paul English wrote:

>   I'm working with a new setup of 2.0.35 under Linux, and having

First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
release (back in April).  2.0.40 is the current release.

--Cliff




Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Paul English


Hi,
I'm working with a new setup of 2.0.35 under Linux, and having 
some trouble. I'm not sure where to look as there are no errors in 
error_log, or /var/log/messages or on the console. 

Reading the docs I eliminated:
having Listen on port 443 and an appropriate virtual host context
using apachectl startssl to pass -DSSL to the server
tried using the stock httpd.conf and ssl.conf

None of the above seems to work. Thrown into the mix I have several 
interfaces on the machine, and ipchains (for which I've enabled access 
from everywhere to port 443). I tested all the interfaces using nmap, 
which just says that port 443 is closed, and telnet. 

I've attached my config files to see if anyone else can make sense of it.

Thanks,
Paul


#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these 
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
#   For the moment, see <URL:http://www.modssl.org/docs/> for this info. 
#   The documents are still being prepared from material donated by the
#   modssl project.
# 
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#


#   Until documentation is completed, please check http://www.modssl.org/
#   for additional config examples and module documentation.  Directives
#   and features of mod_ssl are largely unchanged from the mod_ssl project
#   for Apache 1.3.

#
# When we also provide SSL we have to listen to the 
# standard HTTP port (see above) and to the HTTPS port
#
Listen 206.253.195.210:443

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
#ErrorLog logs/dummy-host.example.com-error_log
#CustomLog logs/dummy-host.example.com-access_log common

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:logs/ssl_scache(512000)
#SSLSessionCache shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
SSLLog  logs/ssl_engine_log
SSLLogLevel info

##
## SSL Virtual Host Context
##



#  General setup for the virtual host
DocumentRoot "/usr/local/htdocs/test"
ServerName 3tiergroup.com:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/error_log
TransferLog logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+S
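
Added example, not part of the original post: the message above starts the server with -DSSL, and directives placed inside an <IfDefine SSL> block are skipped without any log entry when that define is missing. The sketch below resolves which Listen directives are in effect for a given set of -D names; the sample config, its <IfDefine SSL> wrapper and the function names are constructed for illustration.

```python
import re

# Constructed sample following the usual <IfDefine SSL> layout (an assumption:
# the posted file's container tags are not visible). 192.0.2.10 is a doc address.
SAMPLE_CONF = """\
Listen 80
<IfDefine SSL>
Listen 192.0.2.10:443
<VirtualHost _default_:443>
SSLEngine on
</VirtualHost>
</IfDefine>
"""

def active_directives(conf_text, defines=()):
    """Return (lineno, name, args) for each directive httpd would read when
    started with the given -D names. A false <IfDefine> block is skipped
    without any log message, which is why a gated Listen fails silently."""
    defines, stack, out = set(defines), [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opener = re.match(r"<IfDefine\s+(!?)([^>\s]+)\s*>$", line, re.I)
        if opener:
            negated, name = opener.group(1) == "!", opener.group(2)
            stack.append((name in defines) != negated)
        elif re.match(r"</IfDefine\s*>$", line, re.I):
            if not stack:
                raise ValueError(f"line {lineno}: </IfDefine> without opener")
            stack.pop()
        elif all(stack) and not line.startswith("<"):
            parts = line.split(None, 1)
            out.append((lineno, parts[0], parts[1] if len(parts) > 1 else ""))
    if stack:
        raise ValueError("unclosed <IfDefine>")
    return out

def listen_addresses(conf_text, defines=()):
    """Listen arguments in effect for this set of -D names."""
    return [args for _, name, args in active_directives(conf_text, defines)
            if name.lower() == "listen"]

if __name__ == "__main__":
    for d in ([], ["SSL"]):
        print(d, "->", listen_addresses(SAMPLE_CONF, d))
```

If the 443 entry only appears when SSL is in the define list, a closed port with an empty error_log points at how the server was started rather than at the certificate or cipher settings.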



Avoid client certificate dialog, when client has no certificate

2002-09-02 Thread Gerald Richter

Hi,

I'd like to have optional authentication with client certificates.
Everything works well, except that the browser (IE 5.5) pops up a dialog
(which lists no certificates) although the client has no certificates installed.
Netscape 4.7 gives me an error message that there are no certificates
installed. After confirming these dialogs, everything works as expected.

I have

SSLVerifyDepth 1
SSLVerifyClient optional

in my httpd.conf

Is there any chance to avoid this useless dialog?

Gerald

-
Gerald Richter    ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting

Post:   Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: [EMAIL PROTECTED]   Voice: +49 6133 925131
WWW:    http://www.ecos.de  Fax:   +49 6133 925152
-





RE: Apache Operations?

2002-09-02 Thread John . Airey

That depends on which firewall you have. Mail me off the list with details
and I'll see what I can do to help.

I was hoping to speak at this year's apachecon on "Apache and Firewalls",
but it wasn't to be! Maybe next year...

- 
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] 

Reality TV - the ultimate oxymoron


> -Original Message-
> From: Mark-Nathaniel Weisman [mailto:[EMAIL PROTECTED]]
> Sent: 01 September 2002 10:01
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Apache Operations?
> 
> 
> This may be a little off topic, but I can't find any other place to post
> it. I have an Apache web server running inside my network behind a
> firewall. The firewall is using NATD/IPFW to forward IP packets through
> based on port address assignment. I'm wondering how I can route a request
> to a specific domain name from the main webserver to another server with
> a class C address? And only for the singular domain name? Any
> suggestions?
> 
> His humble servant,
> Mark-Nathaniel Weisman
> President
> Outland Domain Group Consulting
> Anchorage,AK USA
> http://www.outlander.us
> 
