Is this a bug or did I miss some docs?
Hello... While tracking down a bug on our web site, I found the solution: adding SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 This is documented. The problem was that this was in the global httpd.conf file in a stanza. To get this to work I had to add it to my specific stanza: ServerName www.pricegrabber.com SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 This is easy to test using the SSLCipherSuite ... config in SSLCipherSuite -ALL ... The site still works. Not until I add SSLCipherSuite -ALL to the specific stanza does https break. Did I just miss the documentation for this? versions: mod_ssl-2.8.11-0.01pg apache-1.3.27-0.27pg openssl-0.9.6b-28 from my main httpd.conf file I: 'include include.d' and have seperate files for individual sites, i.e. include.d/httpd.conf.pg.ssl -- Christopher McCrory <[EMAIL PROTECTED]> Pricegrabber __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache, https, ie downloading pdf's word docs etc...
Hello... Do you have a section that contains: SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 then have a: ServerName www.example.com DocumentRoot /SOME/PATH ? ? ? If so try adding the 'SetEnvIf' the the www.example.com virtualhost entry. Does it work? I posted that this was a bug several days ago, but it could just be me. On Fri, 2002-11-22 at 13:09, Ian Moon wrote: > I can download pdf's and doc files no problem using mozilla using > both http and https, but I can only access them with http when using > ie 6. > > I have tried all of the suggestions at .. > http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49 > > and scoured the groups and web for other things to try but none > have been successfull. > > Running: Apache 1.3.27, mod_ssl 2.8.11, > > Any suggestions or other readings would be greatly appreciated. > > > Ian Moon > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] -- Christopher McCrory "The guy that keeps the servers running" [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl & mod_proxy
Hello... On Thu, 2002-12-05 at 10:12, HMajidy wrote: > This is to report a problem with Apache with mod_ssl and mod_proxy, > and to request the communitys help in resolving it. > > > > Objective: The objective is to set up Apache as a reverse proxy, to > receive encrypted HTTPS traffic over the Internet and to convert it to > HTTP and direct it to a web server through a firewall. > >From what I see, you don't have a proxypass directive, ala: ProxyPass/foohttp://cruella.pricegrabber.com/foo ProxyPassReverse /foohttp://cruella.pricegrabber.com/foo > > > Problem: Apache seems to be redirecting traffic to the virtual hosts > on the local filesystem correctly, but mod_proxy does not seem to send > requests to remote URL (as specified by ProxyRemote directive below). > SSL does display correct certificate from requesting browser. > > > > Troubleshooting Steps Taken: Experimenting with the target URL (IP and > hosname) and various proxy directives (ie ProxyPassReverse, ProxyPass) > I have not been able to establish that proxy is doing anything at all. > > Apache has been recompiled with mod_ssl and mod_proxy as DSOs as well > as statically linked in modules. > > > > Heres the system configuration: > > Linux version 2.2.16-22smp > > gcc version egcs-2.91.66 > > Server version: Apache/1.3.27 (Unix) > > Compiled-in modules: > > http_core.c > > mod_env.c > > mod_log_config.c > > mod_mime.c > > mod_negotiation.c > > mod_status.c > > mod_include.c > > mod_autoindex.c > > mod_dir.c > > mod_cgi.c > > mod_asis.c > > mod_imap.c > > mod_actions.c > > mod_userdir.c > > mod_alias.c > > mod_access.c > > mod_auth.c > > mod_proxy.c > > mod_setenvif.c > > mod_ssl.c > > OpenSSL 0.9.6g 9 August 2002 > > > > httpd.conf > > AddModule mod_proxy.c > > > > ProxyRequests off > > NoCache * > > AllowCONNECT 443,80 > > > > Order Allow,Deny > > Allow from All > > > > ProxyRemote * http://1.2.3.4:85 > > > > NameVirtualHost * > > Listen *:443 > > > > SSLEngine on > > ServerName www.mydomain.com > > DocumentRoot /usr/local/apache/htdocs > > ErrorLog logs/443-error_log > > > > Listen *:80 > > > > ServerAdmin [EMAIL PROTECTED] > > DocumentRoot /usr/local/apache/www > > ServerName www1.mydomain.com > > ErrorLog logs/80-error_log > > > > > > Can anyone see a conflict or omission in this configuration? Does > anyone have these two modules working together in a reverse proxy > scenario? Any help or suggestions would be appreciated. > > > > Regards, > > Hamid. > > > > PS. Please reply to [EMAIL PROTECTED] as well as to this list. -- Christopher McCrory <[EMAIL PROTECTED]> Pricegrabber __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
problems with WebTV
Hello... We are having SSL problems with WebTV clients. Static pages seem to work, but POSTs seem to break with the following SSL error: [Thu Jan 23 11:18:01 2003] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page (OpenSSL library error follows) [Thu Jan 23 11:18:01 2003] [error] OpenSSL: error:1407609C:lib(20):func(118):reason(156) What voodoo do I need to adjust for this 0.01% of the market browser? ;) Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_gzip/1.3.26.1a PHP/4.3.0 mod_ssl/2.8.12 OpenSSL/0.9.6b -- Christopher McCrory "The guy that keeps the servers running" [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: problems with WebTV
Hello... On Fri, 2003-01-24 at 05:18, Kevin wrote: > WebTV has been behind all other browsers for years. Their JavaScript VM > was so bad, that we actually checked for WebTV within the client and use a > JavaScript POPUP that stated that our site would not work. My guess is, > this is just another area that did not get implemented. I might add some > client code to check for WebTV and change all URL targets dynamically to > just use HTTP. Let me know if you need help in that area. > I found the problem. One of the POST URLs was relative. WebTV interpeted this "/somepage.php" as "http://www.pricegrabber.com:443/somepage.php"; :( After I posted, I reread the error. "...HTTP spoken on HTTPS..." That pointed me in the right direction. "log files are your friend" > Peace, > KevinK > > - Original Message - > From: "Christopher McCrory" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, January 23, 2003 2:36 PM > Subject: problems with WebTV > > > > Hello... > > > > We are having SSL problems with WebTV clients. Static pages seem to > > work, but POSTs seem to break with the following SSL error: > > > > [Thu Jan 23 11:18:01 2003] [error] mod_ssl: SSL handshake failed: HTTP > > spoken on HTTPS port; trying to send HTML error page (OpenSSL library > > error follows) > > > > [Thu Jan 23 11:18:01 2003] [error] OpenSSL: > > error:1407609C:lib(20):func(118):reason(156) > > > > What voodoo do I need to adjust for this 0.01% of the market browser? ;) > > > > Server: Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_gzip/1.3.26.1a > > PHP/4.3.0 mod_ssl/2.8.12 OpenSSL/0.9.6b > > > > > > -- > > Christopher McCrory > > "The guy that keeps the servers running" > > > > [EMAIL PROTECTED] > > http://www.pricegrabber.com > > > > Let's face it, there's no Hollow Earth, no robots, and > > no 'mute rays.' And even if there were, waxed paper is > > no defense. I tried it. Only tinfoil works. > > > > > > __ > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > > User Support Mailing List [EMAIL PROTECTED] > > Automated List Manager [EMAIL PROTECTED] > > > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] -- Christopher McCrory "The guy that keeps the servers running" [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Verisign CA cert problem
On Wed, 2004-05-19 at 09:46, Bill MacAllister wrote: > Hello, > > I am having problems with a brand new Verisign 128 bit certificate that has > just be purchased. I have installed the certificate and the intermediate > CA cert on an Apache 1.3.31/mod_ssl 2.8.17/openssl 0.9.7d instance. > Did you get a new intermediate cert (intermediate.crt) from Verisign also? This also goes in the apache config. directions somewhere on verisigns site. > What I am seeing is the Netscape and Mozilla connect to the site just fine. > When I connect to the site with IE 6 the security window pops up telling be > that the certificate has either expired or is not valid yet. When I look > at the certificate the intermediate CA cert that IE is using is the expired > cert that was installed with IE. I tried removing the old intermediate CA > cert from IE altogether and it still will not load the intermediate CA cert > from my server. > > I am not really sure what to try at this point. Oh, yes, Verisign support > has been pretty much useless. > > Help suggestions will be greatly appreciated. > > Bill > > +--- > | Bill MacAllister > | 14219 Auburn Road > | Grass Valley, CA 95949 > | 530-272-8555 > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] -- Christopher McCrory "The guy that keeps the servers running" [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]