Re: Apache_1.3.20 with Mod_SSL 2.8.4 on a Solaris 2.6 system..
Hi, How do I use the dbm in Windows 2000 for SSLSessionCache (what is the syntax)? How do I find out whether the Windows 2000 has DBM working? Thanks Rajaram. I think you cannot use two kinds of SSLSessionCache togheter. > SSLSessionCache dbm:/opt/apache/var/run/ssl_scache > > SSLSessionCacheshm:/opt/apache/var/run/ssl_scache(512000) Anyway, shm is not working on all platforms. Try dbm instead. --- Cordiali saluti / Best regards Andrea Cerrito ^^ Net.Admin @ Centro MultiMediale di Terni S.p.A. P.zzale Bosco 3A 05100 Terni IT Tel. +39 744 5441330 Fax. +39 744 5441372 __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE Connectivity Issue
Hi , I have been following the list closely for the IE related issues which give "Server not found / DNS Error" but could not find an answer for the problem I have. I have Apache 1.3.14 with OpenSSL - v 0.9.6 and modSSL 2.7.2 running on a Win2000 m/c with a Verisign Global certificate installed. The application gets the dreaded - "The page can not be displayed ..Server not found or DNS error " when I try to access the "https" page over the dial up connectivity. This problem too does not happen with all the dial up connections. I have seen the problem when I tried to access using Compuserve and MSN. I have been trying to find an answer for this problem for a few months now but have no clue on what the approach should be. The problem is that there is NO entry for the failed access on the apache log files. I am not able to identify whether this is a network issue or an apache configuration issue. Here's the SSL connectivity configuration piece from my Httpd.conf file. Thanks, Rajaram. - --- --- -- --- - - # # The following directives modify normal HTTP response behavior. # The first directive disables keepalive for Netscape 2.x and browsers that # spoof it. There are known problems with these browser implementations. # The second directive is for Microsoft Internet Explorer 4.0b2 # which has a broken HTTP/1.1 implementation and does not properly # support keepalive when it is used on 301 or 302 (redirect) responses. # BrowserMatch "Mozilla/2" nokeepalive #BrowserMatch "MSIE 4\.0b2;" nokeepalive downgrade-1.0 force-response-1.0 #BrowserMatch "MSIE 4\.0;" nokeepalive downgrade-1.0 force-response-1.0 #BrowserMatch "MSIE 5\.0;" nokeepalive downgrade-1.0 force-response-1.0 # # The following directive disables HTTP/1.1 responses to browsers which # are in violation of the HTTP/1.0 spec by not being able to grok a # basic 1.1 response. # BrowserMatch "RealPlayer 4\.0" force-response-1.0 BrowserMatch "Java/1\.0" force-response-1.0 BrowserMatch "JDK/1\.0" force-response-1.0 JkMount /*.jsp ajp13 JkMount /servlet/* ajp13 JkMount /otherworker/*.jsp remoteworker SSLMutex sem SSLRandomSeed startup builtin SSLSessionCache dbm:/sslcache SSLSessionCacheTimeout 300 SSLLog logs/SSL.log SSLVerifyClient 0 SSLVerifyDepth 10 SSLOptions +FakeBasicAuth SSLLogLevel error # ##Addition Complete # You can later change "info" to "warn" if everything is OK SSLEngine On SSLCertificateFile conf/ssl/dcntws01.newpower.com.cert SSLCertificateKeyFile conf/ssl/dcntws01.newpower.com.key #Added on 04092001 by Rajaram. SSLCACertificateFile conf/ssl/dcntws01gsid.cert SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSLCertificateChain file for Intermediate CA
Hi Damon,
Could you please put in the corrected part of your httpd.conf file - all
the directives that are relavant to SSL connections.
I am interested in looking at the corrected piece ( and commented pieces as
well).
Rajaram.
To: [EMAIL PROTECTED]
cc:
Subject:Re: SSLCertificateChain
file for Intermediate CA
Damon Maria <[EMAIL PROTECTED]>
05/22/01 08:42 PM
Please respond to modssl-users
--+
I think I've solved my problem and would just like to post the answer
for someone else's reference.
The offending line is:
SSLProtocol -all +SSLv2
If I take that line out mod_ssl can load the certificate chain. I
presume there's a good reason for this (chains require SSLv3 at a
guess)?
SSLProtocol was originally added because we just couldn't get around
problems with MSIE 4.x connecting with SSL. Although it is a big hack,
the suggested SSL changes in the mod_ssl FAQ just didn't work for us.
I've since removed the SSLProtocol, added a SSL session cache and added
+eNULL to the end of the SSLCipherSuite. Now I'm just waiting to see if
MSIE 4.x users can still connect.
I've also recently seen talk of
SSLRequire %{SSL_CIPHER} >= 128
solving the MSIE SGC bug. Has someone confirmed this to be true?
thanks for the help,
Damon.
> -- VirtualHost
> ServerName www.motorweb.co.nz
>
> SSLEngine on
>
> # The following hopefully get around the MSIE 4.x and 5.0 SGC bug
> # SSLCipherSuite
> ALL:!ADH:!EXPORT56:!SSLv3+EXP:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
> # The following defintely gets around the MSIE 4.x and 5.0 SGC bug but
> SSLProtocol -all +SSLv2
> SSLCipherSuite SSLv2:+HIGH:+MEDIUM:+LOW:+EXP
>
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> # SSLCertificateChainFile /etc/httpd/conf/ssl.crt/intermediate_ca.crt
>
> # SSLLog /var/log/httpd/ssl_engine_log
> # SSLLogLevel debug
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
RE: SSLProtocol all -SSLv3 having no effect on ie 5 behavior--Solved
I guess I had asked this previously as well, does anyone know how to define the SSLSessionCache in Windows environment. I do not know whether my NT M/c supports DBM or not! What is meant by dbm?? Rajaram To: <[EMAIL PROTECTED]> cc: Subject:RE: SSLProtocol all -SSLv3 having no effect on ie 5 behavior--Solved "Rudy Aceves" <[EMAIL PROTECTED]> 05/04/01 05:06 PM Please respond to modssl-users --+ I used to have the same problem (if I remember correctly). I defined these settings and everything works pretty good. --- >8 8< --- SSLSessionCache dbm:/var/log/httpd/ssl_scache SSLSessionCacheTimeout 600 SSLMutex file:/var/log/httpd/ssl_mutex SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown --- >8 8< --- along with the standard stuff like: SSLEngine on, etc... You'll have to modify the directory paths to fit you env. Cheers, - Rudy. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Greg Hamilton Sent: Thursday, April 26, 2001 6:15 PM To: [EMAIL PROTECTED] Subject: RE: SSLProtocol all -SSLv3 having no effect on ie 5 behavior--Solved This seems similar to a problem I'm having. I have a 128bit Verisign certificate. I'm using Apache 1.3.14 (Win32), PHP/4.0.4pl1, mod_ssl/2.7.2 OpenSSL/0.9.6 IE5.0 users can't connect even with the 128bit encryption pack installed unless they are using NT4.0 with the high encryption version of service pack 6 installed. IE5.5 is ok as are version of Netscape >= 4.7 What SSL settings should I have in httpd.conf ? -Original Message- From: Tim Taylor [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 25, 2001 2:34 AM To: [EMAIL PROTECTED] Subject: RE: SSLProtocol all -SSLv3 having no effect on ie 5 behavior--Solved That Worked The session cache settings were what I needed. Thanks for the response/ Tim Taylor __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Strange problem with IE5.0 and SSLv3
How do I mention this SSLSessionCache in Windows NT? All places I found the
syntax looked like it is for Unix platform.
-Rajaram
To: <[EMAIL PROTECTED]>
cc:
Subject:RE: Strange problem with
IE5.0 and SSLv3
"David Rees" <[EMAIL PROTECTED]>
05/02/01 04:07 PM
Please respond to modssl-users
--+
You have no SSLSessionCache defined.
Add one, and everything should work OK.
MSIE isn't happy without SSL Session caching.
-Dave
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Erik Boles
> Sent: Wednesday, May 02, 2001 1:56 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Strange problem with IE5.0 and SSLv3
>
>
> Sorry about that, here is our modssl config.
>
>
>
>
> Listen 443
>
>
> DocumentRoot /www/sites/secure
> ServerName < our server name here >
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog /www/logs/httpd/error_log-ssl
> TransferLog /www/logs/httpd/access_log-ssl
> SSLEngine on
> SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
> #SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
> #SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key
> #SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca.crt
> #SSLCACertificatePath /etc/httpd/conf/ssl.crt
> #SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
> #SSLCARevocationPath /etc/httpd/conf/ssl.crl
> #SSLCARevocationFile /etc/httpd/conf/ssl.crl/ca-bundle.crl
> #SSLVerifyClient require
> #SSLVerifyDepth 10
> SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
>
> SSLOptions +StdEnvVars
>
>
> SSLOptions +StdEnvVars
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> CustomLog /var/log/httpd/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>
>
>
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
> Sent: Wednesday, May 02, 2001 12:27 PM
> To: [EMAIL PROTECTED]
> Subject: RE: Strange problem with IE5.0 and SSLv3
>
>
> Can you post your entire mod_ssl configuration? This is difficult to
> diagnose without seeing.
>
> -Dave
>
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Erik Boles
> >
> > I have read several FAQ's and done some research regarding the
> problem IE
> > 5.0 has with modssl and allowing users to view a page, made a few
> > changes to
> > httpd.conf and still have the same problem.
> >
> > Using IE5 you can go view a secure page without a problem, but if
> > you click
> > the back button, then go to the link again, it gives a "Page cannot be
> > displayed" error. You must quit the browser and re-launch it to
> > correct the
> > problem, OR disable SSLv3 in the browser.
> >
> > We have tried adding the -SSLv3 to the SSLCipherSuite line in
> > httpd.conf but
> > it didn't make any difference.
> >
> > Any input or URL's to visit regarding the fix to this would be greatly
> > appreciated. I apologize if this has been answered many times before,
I
> > couldn't find a slid answer to it.
>
> __
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
> __
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl)
Mod_jk.so
I am trying to configure the Apache-tomcat combination to work with modSSL. Before that I want to make the mod_jk work properly for Apache and Tomcat to talk to each other. I am running on AIX 4.3 and when compiling the mod_jk file to create the mod_jk.so object, I get a compile error. Could anyone tell me how to do it or could anyone give me the file itself which I can use? When I run the apxs command to build mod_jk.so, I get an error. Here's the error : ld: 0711-244 ERROR: No csects or exported symbols have been saved. I am using Apache 3.14 and Tomcat 3.2.1 Any help is appreciated. Thanks, Rajaram. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: Apache and SSL in win NT
Hi, Please try the following URL : http://tud.at/programm/apache-ssl-win32-howto.php3 This has the way to setup modSSL/ OpenSSL for Apache on NT Rajaram. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: Apache + JServ + SSL
I am getting the same error when I use mod_jk as well. Can I try the same solution, with changes specific to mod_jk?? Or is there any different approach to solve this?? -Thanks, Rajaram. Jay Burgess cc: Sent by: Subject: RE: Apache + JServ + SSL owner-modssl-users@ modssl.org 04/20/01 11:04 AM Please respond to modssl-users > > If I well understand the message, I must recompile the JServ module > ApacheModuleJServ.dll) with -DEAPI option ... How can I do that (I know > that I must do it with Visual C++) ? Or where can I find a Apache version > compiled with -DEAPI option ? > Boy, this must be my day to answer questions. :) Here's what I just did last week, and it works for us. (1) Create a file called "configure.win32 "in the directory /sources/c. It should contain the following information (note the paths will have to be adjusted to match your setup): PACKAGE=ApacheJServ VERSION=1.1.2 APACHE_SRC=d:/servers/apache/src JAVA_HOME=d:/java/jdk1.2.2 JSDK_HOME=d:/java/jsdk2.0 EAPI=true (2) In the /sources/c directory, modify makefile.win32 as follows: Replace both instances of "CoreR" with "Release". Comment out the jserv.h build rule: #jserv.h: autochange.exe # @autochange PACKAGE=$(PACKAGE) VERSION=$(VERSION) < jserv.h.in > jserv.h (3) Rebuild JServ: nmake /f Makefile.win32 @configure.win32 (4) Copy the newly built ApacheModuleJServ.dll to the directory. Jay __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: modssl + http-1.1 works?
Could anyone please explain what is namebased and what is IP based? What are the differences and how they work for SSL connections handling? Can I use the following declaration for Virtual Host declaration with modSSL? I am having problems with IE Browsers ONLY while connecting from dial-up connections. I want to know whether this is any reason for that.! # # Use name-based virtual hosting. # #NameVirtualHost * SSLEngine On SSLCertificateFile conf/ssl/myserver.mydomain.com.cert SSLCertificateKeyFile conf/ssl/myserver.mydomain.com.key SSLCACertificateFile conf/ssl/myservergsid.cert SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP Thanks, Rajaram "Lars Schioler" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent by: cc: owner-modssl-users@Subject: Re: modssl + http-1.1 works? modssl.org 04/17/01 04:32 AM Please respond to modssl-users You're not able to run ssl on namebased virtual hosts, since the ssl negotiation takes place before resolving the host name. SSL requires an IP address, but you can off course run various VH on different ports. Lars Schiøler - Original Message - From: "Maarten van Lieshout" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, April 17, 2001 10:21 AM Subject: modssl + http-1.1 works? > Hi, > > Can anyone tell me if it is possible to use http 1.1 with modssl? We > want to set up an Apache webserver based on http 1.1 and will be using > ssl-sites with name-based virtual hosts. I know Apache can do this, but > I am not sure if it is supported by modssl. > > regards, > > Maarten van Lieshout > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Do I need an intermediate CA?
hI, I have a global certificate from Verisign. I have put it in using - SSLCertificateFile xxx.cert SSLCertificateKeyFile xxx.key directives. I want to know whether I still need to have an Intermediate Certificate downloaded from Verisign and how do I configure it? What is the purpose of IntermediateCA and when do I use it? What is the diffference between SSLCertificateChainFile and SSLCACertificateFile?? What do I need to do to set SSLCertificateChainFile? I am running Apache 3.14 with OpenSSL 0.9.6 AND ModSSL 2.7.2 on Win 2000. Please let me know. Thanks, Rajaram __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: IE Issues with SSL
Thanks Mike for that input. However, my worry is I am running on Windows. Hope Windows versions support the changes!!! I wanted to set up the SSLSessionCache as well and I am not sure whether what I am doing here - > SSLSessionCache dbm:/sslcache > SSLSessionCacheTimeout 300 is correct. I searched for a Windows specific command.. didn't find one! Meanwhile, what is SSLCertificateChain file? If I have a global Id, where will the intermediate 'pem' file can be found? Do I still need one?? Thanks in advance. Rajaram Michael Ott <[EMAIL PROTECTED]To: [EMAIL PROTECTED] iemens.de> cc: Sent by: Subject: Re: IE Issues with SSL owner-modssl-users@ modssl.org 04/04/01 03:07 AM Please respond to modssl-users hallo rajaram! try it with this. it works on a linux ( Apache_1.3.14, mod_ssl_2.7.2, openssl_0.9.6) > SSLMutex sem > SSLRandomSeed startup builtin > #Is this statement appropriate in windows?? > SSLSessionCache dbm:/sslcache > SSLSessionCacheTimeout 300 > > SSLLog logs/SSL.log > SSLLogLevel debug > # You can later change "info" to "warn" if everything is OK > > > SSLEngine On > SSLCertificateFile conf/ssl/abc.cert > SSLCertificateKeyFile conf/ssl/abc.key > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > downgrade-1.0 force-response-1.0 > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP > > SSLEngine on SSLCertificateFile /etc/httpd/conf/test-cert.pem SSLCertificateChainFile /etc/httpd/conf/test-intermediateca-cert.pem SSLCertificateKeyFile /etc/httpd/conf/test-key.pem SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLSessionCacheTimeout 15 SSLVerifyClient 0 SSLVerifyDepth 10 SSLOptions +FakeBasicAuth SSLLog /var/log/httpd/443_de/ssl.log SSLLogLevel error > Michael Ott - - Siemens AG - I&S IT PS 51 ERL - - Werner-von-Siemens-Strasse 60 - - 91050 Erlangen- - Tel. +49 91 31 7 42 0 54 - - [EMAIL PROTECTED] - - __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: SSL handshake interrupted
You may want to try it on Dialup connections... It might not even go through... I have the same problem with IE and now I am stuckwith the same error coming in consistently while trying through some dial-up connections!! "kreso" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent by: cc: owner-modssl-users@Subject: Re: SSL handshake interrupted modssl.org 04/06/01 08:28 PM Please respond to modssl-users We are using 5.50.4134.0100 MSIE The problem is that when we access secure site, we get rejected about 20% of times. The error message is the standard browser message: This page cannot be displayed at this time... etc... Once rejected, if we re-submit the request, just a second or less after the rejection - the very same request... the request will go through. Please let us know if you need more info, as this is very frustrating... Thanks - Original Message - From: "David Rees" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, April 06, 2001 7:57 PM Subject: RE: SSL handshake interrupted > What versions of MSIE, and what are the exact problems you are experiencing? > > -Dave > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of kreso > > Sent: Friday, April 06, 2001 4:40 PM > > To: [EMAIL PROTECTED] > > Subject: Re: SSL handshake interrupted > > > > > > Hello, > > > > this is the situation now: > > > > We are using: > > > > OpenSSL 0.9.6a 5 Apr 2001 > > mod_ssl-2.8.2-1.3.19 > > Apache 1.3.19 > > > > In httpd.conf we did insert the following: > > > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown > > downgrade-1.0 fo > > rce-response-1.0 > > > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2: +EXP > > > > SSLSessionCache dbm:/home/httpd/billcc/secure/log > > > > > > and we are still getting requests rejected, when using https. > > with MISE. > > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: apache, modssl, win32
Please try the following link and they have a good description of how to do things for Windows. I have tried to set up the same and it works!!! http://tud.at/programm/apache-ssl-win32-howto.php3 -Rajaram __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
IE Issues with SSL
Hi, I am having trouble ( as everyone else) with IE family of browsers connecting to a secure page When I am trying to access from dial-up connections, I am getting the dreaded - "server not found / DNS error" and nothing happens after that. Earlier I used to get this error occasionally for regular connection as well. But if I click on back button and submit again, it used to go through... Now, I do not see this problem in regular network but the Dial-up connection is giving the error consistently and there is no way out of that error. Here're my configs : Running on Win 2000 - Apache_1.3.14-mod_ssl_2.7.2-openssl_0.9.6-WIN32 And Tomcat 3.2.1 with Mod_jk as connector. Attached is the httpd conf snippet : SSLMutex sem SSLRandomSeed startup builtin #Is this statement appropriate in windows?? SSLSessionCache dbm:/sslcache SSLSessionCacheTimeout 300 SSLLog logs/SSL.log SSLLogLevel debug # You can later change "info" to "warn" if everything is OK SSLEngine On SSLCertificateFile conf/ssl/abc.cert SSLCertificateKeyFile conf/ssl/abc.key SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP When I set the SSLLogLevel to Debug and view the log, I see OpenSSL : I/O Error ... for the IE BROWSER. I went through all the mod-ssl list and applied most of the changes suggested but that doesn't seem to help. Please let me know if anyone has any idea why this is happening and how to solve this. Thanks, Rajaram __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
