Re: Getting 'no shared ciphers' while connecting to the server

2005-05-31 Thread Alaka Pathy
Hi Daniel,

I have the SSL setup already as you have mentioned
except these two lines.

SSLVerifyClient require
SSLVerifyDepth 1

And moreover this error I'm seeing in only one server.
In all other servers, this works perfectly fine.

Do I need to look for any machine specific things
that could be causing the problem?

As of now, the problem has been seen only in this
configuration:

Windows 2000 Professional with Service Pack 3.

Any ideas?

Thanks,
-Alaka

--- Daniel Kimblad <[EMAIL PROTECTED]>
wrote:

> Here follows a simple full server SSL setup for
> reference.
> --
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> 
> SSLPassPhraseDialog  builtin
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  default
> 
> SSLCertificateFile conf/ssl/www.yourdomain.com.crt
> SSLCertificateKeyFile conf/ssl/www.yourdomain.com.key
> 
> SSLCACertificatePath conf/ssl
> SSLCACertificateFile conf/ssl/YourCA.crt
> 
> SSLCARevocationFile conf/ssl/YourCA.crl
> 
> SSLCipherSuite HIGH:MEDIUM
> SSLProtocol all -SSLv2
> SSLEngine on
> 
> SSLVerifyClient require
> SSLVerifyDepth 1
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>  nokeepalive ssl-unclean-shutdown \
>  downgrade-1.0 force-response-1.0
> 
> --
> This will allow connections with SSLv3 and TLSv1 from clients
> with proper certificates.
> To skip client auth just remove these two lines:
> --
> 
> SSLVerifyClient require
> SSLVerifyDepth 1
> 
> ------
> Hope that was helpful.
> 
> /Daniel, Gizmondo Studios
> 
> 
> - Original Message - 
> From: "Alaka Pathy" <[EMAIL PROTECTED]>
> To: 
> Sent: Tuesday, May 31, 2005 9:44 AM
> Subject: Getting 'no shared ciphers' while
> connecting to the server
> 
> 
> > Hi All,
> >
> > I'm using Apache 1.3.31 with mod_ssl 2.8.17 and
> > OpenSSL 0.9.7d binaries. I use RSA based self signed
> > certificates for SSL communication.
> > My httpd.conf has the following SSLCipherSuite
> > configured
> >
> > SSLSessionCacheTimeout 600
> > SSLOptions +StdEnvVars +ExportCertData
> > SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> > But, in a freshly installed server, the server doesn't
> > accept any requests and I get the following errors
> > repeatedly in the Apache error log
> >
> > mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
> > [Mon May 23 13:37:43 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
> >
> > I browsed the modssl FAQ and got, that sometimes
> > regenerating certificates helps. I regenerated the
> > server certificates, but I'm still facing the same
> > issue.
> >
> > Has anybody experienced such an error ? Any help is
> > appreciated.
> >
> > Thanks in advance,
> > -Alaka




__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]


Getting 'no shared ciphers' while connecting to the server

2005-05-31 Thread Alaka Pathy
Hi All,
 
I'm using Apache 1.3.31 with mod_ssl 2.8.17 and
OpenSSL 0.9.7d binaries. I use RSA based self signed
certificates for SSL communication.
My httpd.conf has the following SSLCipherSuite
configured
 
SSLSessionCacheTimeout 600
SSLOptions +StdEnvVars +ExportCertData
SSLCipherSuite ALL:!ADH:!EXPORT56:!EXPORT40:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
 
But, in a freshly installed server, the server doesn't
accept any requests and I get the following errors
repeatedly in the Apache error log
 
mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
[Mon May 23 13:37:43 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
 
I browsed the modssl FAQ and got, that sometimes
regenerating certificates helps. I regenerated the
server certificates, but I'm still facing the same
issue.
 
Has anybody experienced such an error ? Any help is
appreciated.
 
Thanks in advance,
-Alaka
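
An added example, not part of the original thread: a small triage script for the mod_ssl error log quoted above. It pairs each "SSL handshake failed" line with the OpenSSL error that follows, unpacks the error code using the pre-3.0 OpenSSL layout (8-bit library, 12-bit function, 12-bit reason), and counts "no shared cipher" rejections per client. The function names and the sample log are assumptions made for the illustration.

```python
import re
from collections import Counter

# Constructed sample modelled on the log lines quoted in the thread; the
# timestamps on the mod_ssl lines, the repeat and the 192.0.2.7 entry are made up.
SAMPLE_LOG = """\
[Mon May 23 13:37:43 2005] [error] mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
[Mon May 23 13:37:43 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher [Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
[Mon May 23 13:37:51 2005] [error] mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 198.149.32.32) (OpenSSL library error follows)
[Mon May 23 13:37:51 2005] [error] OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Mon May 23 13:38:02 2005] [error] mod_ssl: SSL handshake failed (server 198.149.32.40:443, client 192.0.2.7) (OpenSSL library error follows)
[Mon May 23 13:38:02 2005] [error] OpenSSL: error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request
"""

HANDSHAKE = re.compile(r"SSL handshake failed \(server ([^,\s]+), client ([^)\s]+)\)")
OPENSSL = re.compile(r"OpenSSL: error:([0-9A-Fa-f]{8}):[^:]*:([^:]*):(.*?)(?:\s*\[Hint|$)")

def unpack_err(code_hex):
    """Split a pre-3.0 OpenSSL error code into (library, function, reason)."""
    code = int(code_hex, 16)
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

# Reason field of the error code quoted in the thread (logged as "no shared cipher").
NO_SHARED_CIPHER = unpack_err("1408A0C1")[2]

def handshake_failures(lines):
    """Pair each 'SSL handshake failed' line with the OpenSSL error line after it."""
    failures, pending = [], None
    for line in lines:
        m = HANDSHAKE.search(line)
        if m:
            pending = {"server": m.group(1), "client": m.group(2)}
            continue
        m = OPENSSL.search(line)
        if m and pending:
            lib, func, reason = unpack_err(m.group(1))
            pending.update(lib=lib, func=func, reason=reason,
                           function=m.group(2), text=m.group(3).strip())
            failures.append(pending)
            pending = None
    return failures

def no_shared_cipher_by_client(failures):
    """Count 'no shared cipher' rejections per client address."""
    return Counter(f["client"] for f in failures if f["reason"] == NO_SHARED_CIPHER)

if __name__ == "__main__":
    found = handshake_failures(SAMPLE_LOG.splitlines())
    for client, n in no_shared_cipher_by_client(found).items():
        print(f"{client}: {n} handshake(s) rejected with 'no shared cipher'")
```
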
