Re: OpenSSL verion from mod_ssl statically compiled into httpd?

2007-06-07 Thread Vishal . Bhalla 




Thanks for the reply Zareh, but still no joy :-(

We DO have old libraries on the box, but when compiling apache (after
setting SSL_BASE),
The output does show:
.
.
  + SSL library version: OpenSSL 0.9.8e 23 Feb 2007
.
.
Running a strings on httpd shows:

OpenSSL 0.9.7b 10 Apr 2003
SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
OpenSSL 0.9.8e 23 Feb 2007
SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
Big Number part of OpenSSL 0.9.8e 23 Feb 2007
RSA part of OpenSSL 0.9.8e 23 Feb 2007
Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
Stack part of OpenSSL 0.9.8e 23 Feb 2007
lhash part of OpenSSL 0.9.8e 23 Feb 2007
EVP part of OpenSSL 0.9.8e 23 Feb 2007
ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
X.509 part of OpenSSL 0.9.8e 23 Feb 2007
MD2 part of OpenSSL 0.9.8e 23 Feb 2007
MD5 part of OpenSSL 0.9.8e 23 Feb 2007
SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
DES part of OpenSSL 0.9.8e 23 Feb 2007
libdes part of OpenSSL 0.9.8e 23 Feb 2007
RC2 part of OpenSSL 0.9.8e 23 Feb 2007
RC4 part of OpenSSL 0.9.8e 23 Feb 2007
IDEA part of OpenSSL 0.9.8e 23 Feb 2007
DSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDH part of OpenSSL 0.9.8e 23 Feb 2007
RAND part of OpenSSL 0.9.8e 23 Feb 2007
PEM part of OpenSSL 0.9.8e 23 Feb 2007
CONF part of OpenSSL 0.9.8e 23 Feb 2007
CONF_def part of OpenSSL 0.9.8e 23 Feb 2007

As you can see from the top line, 0.9.7b is comming in from [EMAIL PROTECTED]

Question, is the output of this LogFormat line an accurate reflection of
what version of openssl was compiled into httpd?:

   CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x
%{SSL_VERSION_INTERFACE}x"

I'll try and move those libs out of the way, and re-compile



|-+->
| |   Zareh |
| |   <[EMAIL PROTECTED]|
| |   > |
| |   Sent by:  |
| |   owner-modssl-users|
| |   @modssl.org   |
| | |
| | |
| |   06/06/2007 06:10  |
| |   Please respond to |
| |   modssl-users  |
| | |
|-+->
  
>--|
  |<
 |
  |   To:   modssl-users@modssl.org<
 |
  |   cc:   
 |
  |   Subject:  Re: OpenSSL verion from mod_ssl statically compiled into 
httpd?  |
  
>--|




Hi Vishal,

I seem to remember running into this a while back, it turned out that I had
old ssl libs in /usr/local/ssl and apache's build scripts were picking them
up. instead of /usr/local/openssl - I can't remember what I did to get them
to compile with the newer openssl libs, but here are a few things you could
try:

1) Set the following in your environment before you build apache/mod_ssl

SSL_BASE=/usr/local/openssl  (wherever the libs are you want to compile
against)
export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and
move them into another directory. Build apache/mod_ssl - then just untar
the old libs back into place.
... kinda messy though :)

- Original Message 
From: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
To: modssl-users@modssl.org
Sent: Monday, June 4, 2007 8:52:34 AM
Subject: OpenSSL verion from mod_ssl statically compiled into httpd?





Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?

"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:

CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x %{SSL_VERSION_INTERFACE}x"

Is this accurate, and can it be trusted? I ask because I recompiled
apache/mod_ssl using openssl 0.9.8c and the version the above showed in the
logs was older: 0.9.7b, which isn't installed on the box...?

My LD_LIBRARY path was set to /usr/local/ssl/lib, which contained:

engines/
libcrypto.a
libcrypto.so
libcrypto.so.0.9.8*
libssl.a
libssl.so
libssl.so.0.9.8*
pkgconfig/

It's an old setup that I've inherited from people who have all left now :-(
The source files and the way in which this was compiled have gone.

To be honest, I'm a bit confused as to the whole ssl

Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)

2007-06-07 Thread Sven Geisler 
Hi Mark,

Do you have KeepALive on in you server config for this browser?

Sven.


Mark Beiley schrieb:
> Hello,
> 
> Several customers are not able to access my server via HTTPS.  Their
> browser
> just sits there, and doesn't display anything.  I've determined the common
> properties of these cases to be:
> 
> Windows XP (all of them without SP2)
> Internet Explorer 6
> 
> I can see their requests show up fine in my log files, without errors.
> These customers can visit other HTTPS sites.  My site works fine for the
> vast majority of people.  I'm stumped on the next step to try and debug
> the problem.  Any suggestions?
> 
> My server configuration:
> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
> 
> For an example URL, try: https://www.beileysoftware.com/handy.html
> 
> Thanks,
> Mark
> http://www.beiley.com
> 
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  modssl-users@modssl.org
> Automated List Manager[EMAIL PROTECTED]

-- 
Sven Geisler <[EMAIL PROTECTED]>   Tel +49.30.921017.81  Fax .50
Senior Developer, AEC/communications GmbH & Co. KG Berlin, Germany
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)

2007-06-07 Thread Mark Beiley 

Hi Sven,

Thanks for the reply.  I believe I have KeepAlive off for this browser.
In my ssl.conf file I have:

SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0

Thanks,
Mark
http://www.beiley.com




Hi Mark,

Do you have KeepALive on in you server config for this browser?

Sven.


Mark Beiley schrieb:

Hello,

Several customers are not able to access my server via HTTPS.  Their
browser
just sits there, and doesn't display anything.  I've determined the 
common

properties of these cases to be:

Windows XP (all of them without SP2)
Internet Explorer 6

I can see their requests show up fine in my log files, without errors.
These customers can visit other HTTPS sites.  My site works fine for the
vast majority of people.  I'm stumped on the next step to try and debug
the problem.  Any suggestions?

My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP

For an example URL, try: https://www.beileysoftware.com/handy.html

Thanks,
Mark
http://www.beiley.com 


__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]

Re: OpenSSL verion from mod_ssl statically compiled into httpd?

2007-06-07 Thread Vishal . Bhalla 




Hi guys,

Is there a definitive way of finding out the version of OpenSSL used by
httpd, with mod_ssl statically compiled into it.

Thanks!



|-+->
| |   [EMAIL PROTECTED]|
| |   om|
| |   Sent by:  |
| |   owner-modssl-users|
| |   @modssl.org   |
| | |
| | |
| |   07/06/2007 13:59  |
| |   Please respond to |
| |   modssl-users  |
| | |
|-+->
  
>--|
  |<
 |
  |   To:   modssl-users@modssl.org<
 |
  |   cc:   modssl-users@modssl.org, [EMAIL PROTECTED]  
 |
  |   Subject:  Re: OpenSSL verion from mod_ssl statically compiled into 
httpd?  |
  
>--|








Thanks for the reply Zareh, but still no joy :-(

We DO have old libraries on the box, but when compiling apache (after
setting SSL_BASE),
The output does show:
.
.
  + SSL library version: OpenSSL 0.9.8e 23 Feb 2007
.
.
Running a strings on httpd shows:

OpenSSL 0.9.7b 10 Apr 2003
SSLv2 part of OpenSSL 0.9.8e 23 Feb 2007
TLSv1 part of OpenSSL 0.9.8e 23 Feb 2007
OpenSSL 0.9.8e 23 Feb 2007
SSLv3 part of OpenSSL 0.9.8e 23 Feb 2007
Big Number part of OpenSSL 0.9.8e 23 Feb 2007
RSA part of OpenSSL 0.9.8e 23 Feb 2007
Diffie-Hellman part of OpenSSL 0.9.8e 23 Feb 2007
Stack part of OpenSSL 0.9.8e 23 Feb 2007
lhash part of OpenSSL 0.9.8e 23 Feb 2007
EVP part of OpenSSL 0.9.8e 23 Feb 2007
ASN.1 part of OpenSSL 0.9.8e 23 Feb 2007
X.509 part of OpenSSL 0.9.8e 23 Feb 2007
MD2 part of OpenSSL 0.9.8e 23 Feb 2007
MD5 part of OpenSSL 0.9.8e 23 Feb 2007
SHA1 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-256 part of OpenSSL 0.9.8e 23 Feb 2007
SHA-512 part of OpenSSL 0.9.8e 23 Feb 2007
DES part of OpenSSL 0.9.8e 23 Feb 2007
libdes part of OpenSSL 0.9.8e 23 Feb 2007
RC2 part of OpenSSL 0.9.8e 23 Feb 2007
RC4 part of OpenSSL 0.9.8e 23 Feb 2007
IDEA part of OpenSSL 0.9.8e 23 Feb 2007
DSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDSA part of OpenSSL 0.9.8e 23 Feb 2007
ECDH part of OpenSSL 0.9.8e 23 Feb 2007
RAND part of OpenSSL 0.9.8e 23 Feb 2007
PEM part of OpenSSL 0.9.8e 23 Feb 2007
CONF part of OpenSSL 0.9.8e 23 Feb 2007
CONF_def part of OpenSSL 0.9.8e 23 Feb 2007

As you can see from the top line, 0.9.7b is comming in from [EMAIL PROTECTED]

Question, is the output of this LogFormat line an accurate reflection of
what version of openssl was compiled into httpd?:

   CustomLog /tmp/ssl.log "%{SSL_VERSION_LIBRARY}x
%{SSL_VERSION_INTERFACE}x"

I'll try and move those libs out of the way, and re-compile



|-+->
| |   Zareh |
| |   <[EMAIL PROTECTED]|
| |   > |
| |   Sent by:  |
| |   owner-modssl-users|
| |   @modssl.org   |
| | |
| | |
| |   06/06/2007 06:10  |
| |   Please respond to |
| |   modssl-users  |
| | |
|-+->

>--|

  |<
|
  |   To:   modssl-users@modssl.org<
|
  |   cc:
|
  |   Subject:  Re: OpenSSL verion from mod_ssl statically compiled
into httpd?  |

>--|





Hi Vishal,

I seem to remember running into this a while back, it turned out that I had
old ssl libs in /usr/local/ssl and apache's build scripts were picking them
up. instead of /usr/local/openssl - I can't remember what I did to get them
to compile with the newer openssl libs, but here are a few things you could
try:

1) Set the following in your environment before you build apache/mod_ssl

SSL_BASE=/usr/local/openssl  (wherever the libs are you want to compile
against)
export SSL_BASE

2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and
move them into another directory. Build apache/mod_ssl - then just untar
the old libs back

Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)

2007-06-07 Thread Sven Geisler 
Hi Mark,

Did you try Google ?
I guess, the root certificate causes the trouble.

Sven.

Mark Beiley schrieb:
> Hi Sven,
> 
> Thanks for the reply.  I believe I have KeepAlive off for this browser.
> In my ssl.conf file I have:
> 
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> 
> Thanks,
> Mark
> http://www.beiley.com
> 
> 
> 
>> Hi Mark,
>>
>> Do you have KeepALive on in you server config for this browser?
>>
>> Sven.
>>
>>
>> Mark Beiley schrieb:
>>> Hello,
>>>
>>> Several customers are not able to access my server via HTTPS.  Their
>>> browser
>>> just sits there, and doesn't display anything.  I've determined the
>>> common
>>> properties of these cases to be:
>>>
>>> Windows XP (all of them without SP2)
>>> Internet Explorer 6
>>>
>>> I can see their requests show up fine in my log files, without errors.
>>> These customers can visit other HTTPS sites.  My site works fine for the
>>> vast majority of people.  I'm stumped on the next step to try and debug
>>> the problem.  Any suggestions?
>>>
>>> My server configuration:
>>> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
>>>
>>> For an example URL, try: https://www.beileysoftware.com/handy.html
>>>
>>> Thanks,
>>> Mark
>>> http://www.beiley.com 
> 
> __
> Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
> User Support Mailing List  modssl-users@modssl.org
> Automated List Manager[EMAIL PROTECTED]

-- 
Sven Geisler <[EMAIL PROTECTED]>   Tel +49.30.921017.81  Fax .50
Senior Developer, AEC/communications GmbH & Co. KG Berlin, Germany
__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]