Errors with firefox

2006-01-23 Thread Michael Smith
Hello there

Not sure if the underlying problem here is with mod_ssl or openssl or something else - so apologies if this email is going to the wrong place.

I have apache compiled on solaris with sun cc with mod_ssl-2.8.25-1.3.34 and openssl-0.9.8a (I've also tried 0.9.7i).

When accessing the site using Internet Explorer I have no problems. With Firefox the browser reports an 'incorrect Message Authentication Code' and the server logs report:

[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server xxx:443, client xxx) (OpenSSL library error follows)
[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac

I do have previous builds that 'work' ... but have been unable to determine precisely what change initiated this problem. One possible suspect is the Sun compiler, which was now from studio 11 and was previously from an earlier version which I don't have access to any more.

Any suggestions much appreciated

Thanks

Michael Smith


RE: Errors with firefox

2006-01-23 Thread Yu, Ming
I had exactly the same problem when I compiled my new Apache server (2.2.0)
with mod_ssl. To be short, I think you are using the packaged OpenSSL. I fixed
the problem by re-compiling the OpenSSL on the system with shared option, but
first remove the pre-installed OpenSSL package.

Ming Yu
Johns Hopkins University Applied Physics Lab.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael Smith
Sent: Monday, January 23, 2006 9:20 AM
To: modssl-users@modssl.org
Subject: Errors with firefox

Hello there

Not sure if the underlying problem here is with mod_ssl or openssl or something
else - so apologies if this email is going to the wrong place.

I have apache compiled on solaris with sun cc with mod_ssl-2.8.25-1.3.34 and
openssl-0.9.8a (I've also tried 0.9.7i).

When accessing the site using Internet Explorer I have no problems. With
Firefox the browser reports an 'incorrect Message Authentication Code' and the
server logs report: 

[Mon Jan 23 13:13:54 2006] [error] mod_ssl: SSL handshake failed (server
xxx:443, client xxx) (OpenSSL library error follows)
[Mon Jan 23 13:13:54 2006] [error] OpenSSL: error:1408F455:SSL
routines:SSL3_GET_RECORD:decryption failed or bad record mac 

I do have previous builds that 'work' ... but have been unable to determine
precisely what change initiated this problem. One possible suspect is the
Sun compiler, which was now from studio 11 and was previously from an earlier
version which I don't have access to any more. 

Any suggestions much appreciated

Thanks

Michael Smith


Back in the ModSSL group?

2006-01-23 Thread Kyle
Hi, I quit this forum a while back, and today I am suddenly receiving 
e-mails again.  What's going on?  How did I get back in the group?


Can someone tell me how to opt-out again?  I no longer have any of my 
old subscription info, and opt-out instructions aren't included in the 
e-mails like other e-mail forums I use.


Thanks,
Kyle
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


RE: Back in the ModSSL group?

2006-01-23 Thread Brown, Craig
Me too. What happened?

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Kyle
Sent: Monday, January 23, 2006 9:56 AM
To: modssl-users@modssl.org
Subject: Back in the ModSSL group?


Hi, I quit this forum a while back, and today I am suddenly receiving 
e-mails again.  What's going on?  How did I get back in the group?

Can someone tell me how to opt-out again?  I no longer have any of my 
old subscription info, and opt-out instructions aren't included in the 
e-mails like other e-mail forums I use.

Thanks,
Kyle


RE: Errors with firefox

2006-01-23 Thread Klaus Elsbernd
and with explorer too.

Hello out there,

[EMAIL PROTECTED] said:
  had exactly the same problem when I compile my new Apache server (2.2.0)
 with mod_ssl.  To be short, I think you are using the packaged OpenSSL.  I
 fixed the problem by re-compiling the OpenSSL on the system with shared
 option, but first remove the pre-installed OpenSSL package. 
I've got the same problem. I compiled openssl-0.9.8a with Sun Forte Studio 10.
doesn't matter, problem remains.

For the record. Created our own root-CA, signed it by himself,
Created server-certificate and signed it by the just created root-CA.
Loaded the root-CA into firefox/explorer and configured apache with the 
server-certificate without errors.
firefox and explorer complain with unknown error, when initiated https-request.

On command-line, I've verified the certificate with
openssl verify -issuer_checks -CApath /var/opt/openssl /etc/opt/apache2/ssl.crt/server.crt

which results in
error 29 at 0 depth lookup:subject issuer mismatch

That seems the main problem.
Perhaps the creation of our root-CA/server-cert 
process isn't correct. Or 0.9.8a isn't as tolerant as 0.9.7.
(we followed the same procedure, as with 0.9.7 a year ago.) So it's an 
openssl-problem.

The web suggests, that organisation-name of certificate and root-CA should be 
different in each/all parts of the name. But I'm a little bit unwilling to 
accept this argument, because it's unreasonable to me. One difference should be 
sufficient. That's the case in our process.

Thanks for commenting

Klaus

-- 
Sure, vi is user friendly.
 It's just particular about who it makes friends with. ;-) 
  _
Klaus Elsbernd; System Administrator, BOFH| [EMAIL PROTECTED]
Deutsches Forschungsz. für Künstliche Intelligenz | DFKI GmbH, Geb. 57/285
67657 Kaiserslautern; Germany Fernruf: 0631/205-3486 Fernbild: -3457
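
The root-CA and server-certificate procedure described in the message above, reproduced as an added lab example (not part of the original thread) with a plain `openssl verify -CAfile` check and an issuer/subject comparison; every file name and subject name is constructed. OpenSSL's verify documentation lists error 29 as a diagnostic that is only displayed with `-issuer_checks` while candidate issuers are being tried, so the example reads the final verdict instead.

```shell
#!/bin/sh
# Added lab example: every file name and subject below is constructed.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Self-signed root CA: $1 = file prefix, $2 = subject DN.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" -subj "$2" 2>/dev/null
}

# Server key and CSR, then a certificate signed by CA $1.
# $2 = server file prefix, $3 = server subject DN.
make_server_cert() {
  openssl req -newkey rsa:2048 -nodes -keyout "$WORK/$2.key" \
    -out "$WORK/$2.csr" -subj "$3" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.crt" \
    -CAkey "$WORK/$1.key" -CAcreateserial -days 30 \
    -out "$WORK/$2.crt" 2>/dev/null
}

# Print a certificate's subject or issuer DN: $1 = subject|issuer, $2 = prefix.
name_of() {
  openssl x509 -noout -nameopt RFC2253 "-$1" -in "$WORK/$2.crt" |
    sed 's/^[a-z]*= *//'
}

# Exit status 0 only if certificate $2 chains to CA $1.
chain_ok() {
  openssl verify -CAfile "$WORK/$1.crt" "$WORK/$2.crt" >/dev/null 2>&1
}

make_ca ca "/O=Example Lab/CN=Example Lab Root CA"
make_ca other "/O=Unrelated Org/CN=Unrelated Root CA"
make_server_cert ca server "/O=Example Lab/CN=www.example.test"

echo "CA subject:    $(name_of subject ca)"
echo "server issuer: $(name_of issuer server)"
if chain_ok ca server; then echo "own CA: OK"; else echo "own CA: FAILED"; fi
if chain_ok other server; then echo "other CA: OK"; else echo "other CA: rejected"; fi
```

The server certificate's issuer DN has to equal the CA's subject DN for the chain to build; comparing the two `name_of` outputs is the quickest way to see whether a signing procedure produced that.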






Re: Back in the ModSSL group?

2006-01-23 Thread Joachim Feise
Kyle wrote on 01/23/06 06:55:

 Hi, I quit this forum a while back, and today I am suddenly receiving 
 e-mails again.  What's going on?  How did I get back in the group?


Ditto here.

 
 Can someone tell me how to opt-out again?  I no longer have any of my 
 old subscription info, and opt-out instructions aren't included in the 
 e-mails like other e-mail forums I use.


It says
Automated List Manager[EMAIL PROTECTED]
At the bottom of the mails. Just send an email to that address, and you get the
usual majordomo help email with unsubscribe info.
I agree, though, that this should not have happened in the first place.

-Joe


Re: Back in the ModSSL group?

2006-01-23 Thread Peter Reilly

It happened to me as well.
- Original Message - 
From: Joachim Feise [EMAIL PROTECTED]

To: modssl-users@modssl.org
Sent: Monday, January 23, 2006 11:56 AM
Subject: Re: Back in the ModSSL group?



Kyle wrote on 01/23/06 06:55:


Hi, I quit this forum a while back, and today I am suddenly receiving
e-mails again.  What's going on?  How did I get back in the group?



Ditto here.



Can someone tell me how to opt-out again?  I no longer have any of my
old subscription info, and opt-out instructions aren't included in the
e-mails like other e-mail forums I use.



It says
Automated List Manager[EMAIL PROTECTED]
At the bottom of the mails. Just send an email to that address, and you get the
usual majordomo help email with unsubscribe info.
I agree, though, that this should not have happened in the first place.

-Joe


Re: Back in the ModSSL group?

2006-01-23 Thread Ken Campney
ditto



RE: Back in the ModSSL group?

2006-01-23 Thread Jeffrey M. Johnson
I am just happy to see the list back since it hasn't worked in a few
months

Jeff



Re: Back in the ModSSL group?

2006-01-23 Thread BJ Swope
Until the me toos this list received about 1 mail a month...

On 1/23/06, Peter Reilly [EMAIL PROTECTED] wrote:
 It happened to me as well.
 - Original Message -
 From: Joachim Feise [EMAIL PROTECTED]
 To: modssl-users@modssl.org
 Sent: Monday, January 23, 2006 11:56 AM
 Subject: Re: Back in the ModSSL group?

 Kyle wrote on 01/23/06 06:55:
  Hi, I quit this forum a while back, and today I am suddenly receiving
  e-mails again. What's going on? How did I get back in the group?

 Ditto here.

  Can someone tell me how to opt-out again? I no longer have any of my
  old subscription info, and opt-out instructions aren't included in the
  e-mails like other e-mail forums I use.

 It says
 Automated List Manager[EMAIL PROTECTED]
 At the bottom of the mails. Just send an email to that address, and you get the
 usual majordomo help email with unsubscribe info.
 I agree, though, that this should not have happened in the first place.

 -Joe

--
But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism -- Cardinal Paul Poupard
It morphs into the Republican party! -- BJ


Re: Back in the ModSSL group?

2006-01-23 Thread Phil Ehrens
BJ Swope wrote:
 Until the me toos this list received about 1 mail a month...

And generally about old versions of the module.

-- 
Phil Ehrens [EMAIL PROTECTED]| Fun stuff:
The LIGO Laboratory, MS 18-34 | http://www.ralphmag.org
California Institute of Technology| http://www.yellow5.com
1200 East California Blvd.| http://www.tokyotosho.com
Pasadena, CA 91125 USA| My gpg public key:
Phone:(626)395-8518 Fax:(626)793-9744 | http://www.imbe.net/peligo.asc