mod_ssl 2.8.12 + apache 1.3.26
Hello All, is there any problem running this combination (subj)? thanks -i- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: mod_ssl 2.8.12 + apache 1.3.26
Yes. You should use mod_ssl 2.8.12 and apache 1.3.27 as there is a security issue with apache 1.3.26 Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ihor Bilyy Sent: Friday, February 28, 2003 10:16 AM To: [EMAIL PROTECTED] Subject: mod_ssl 2.8.12 + apache 1.3.26 Hello All, is there any problem running this combination (subj)? thanks -i- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: mod_ssl 2.8.12 + apache 1.3.26
additionally, each version of modssl is diff'ed against the version of apache it is designated for. There have been times I think Ralf has givien out probable ways to fit one modssl version into a newer apache release prior to the new modssl version, but has given warnings about certain things possibly being borked in the process. Thanks, Ron DuFresne On Fri, 28 Feb 2003, Jeff Bert wrote: Yes. You should use mod_ssl 2.8.12 and apache 1.3.27 as there is a security issue with apache 1.3.26 Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ihor Bilyy Sent: Friday, February 28, 2003 10:16 AM To: [EMAIL PROTECTED] Subject: mod_ssl 2.8.12 + apache 1.3.26 Hello All, is there any problem running this combination (subj)? thanks -i- __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] -- ~~ admin senior security consultant: sysinfo.com http://sysinfo.com Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation. -- Johnny Hart testing, only testing, and damn good at it too! __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl for Apache 1.3.26 on IBM AIX 5.1L
where can I find mod_ssl for Apache 1.3.26 running on IBM AIX 5.1L OS? THANKS! _ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?
Hello, We are experiencing problems with our Win32 Apache 1.3.26 with mod_ssl 2.8.10 + openssl 0.9.6b running on Windows 2000. It is a sort of DoS attacks that make our web site totally inaccessible. One of those attacks was captured with Ethereal. The dump is attached. As you can see, the attack is accomplished through both HTTP (80) and HTTPS (443) ports. First, the connection is opened to the HTTP port, then it is opened to the HTTPS port. Then a malformed HTTP/1.1 GET request (with no Host: header) is sent to the HTTP port. Then both connections are closed without waiting for the response from the web server. As a result, the web site stops responding on both HTTP and HTTPS ports. The error log usually contains records like: [..time..] [error] [client ..] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): / [..time..] [error] Server ran out of threads to serve requests. Consider raising the ThreadsPerChild setting Is this problem related to mod_ssl anyhow? Will an upgrade to Apache 1.3.27 + mod_ssl 2.8.11 + openssl 0.9.6g solve the problem? Regards attack.tcpdump Description: Binary data
Re: Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?
On Tue, Oct 15, 2002, Sergey Strakhov wrote about Problem in mod_ssl 2.8.10 + Apache 1.3.26/WIn32 ?: We are experiencing problems with our Win32 Apache 1.3.26 with mod_ssl 2.8.10 + openssl 0.9.6b running on Windows 2000. It is a sort of DoS attacks that make our web site totally inaccessible. From your description it sounds like this is the worm described in: http://www.cert.org/advisories/CA-2002-27.html However, to the best of my knowledge, this worm cannot infect your Windows - it will only kill your sever. Will an upgrade to Apache 1.3.27 + mod_ssl 2.8.11 + openssl 0.9.6g solve the problem? Yes, I think it will. -- Nadav Har'El| Tuesday, Oct 15 2002, 9 Heshvan 5763 [EMAIL PROTECTED] |- Phone: +972-53-245868, ICQ 13349191 |Tact is the art of making a point without http://nadav.harel.org.il |making an enemy. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
HI chris , I have a Debian version of Linux . I will try to re-install apache itself and copy the httpd.conf , I currenlty have . Right now our debian server is used by a testing organization to test our applications residing on this server. thought there should be some way to add mod_ssl without disturbing their work . thanks ibrahim Ibrahim, Windows or Unix? On Windows I may be able to explain it, but not Unix. Read my reply to Andreas re version of OpennSSL. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] mail2web - Check your email from the web at http://mail2web.com/ . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
[EMAIL PROTECTED] wrote: HI chris , I have a Debian version of Linux . I will try to re-install apache itself and copy the httpd.conf , I currenlty have . Right now our debian server is used by a testing organization to test our applications residing on this server. thought there should be some way to add mod_ssl without disturbing their work . thanks ibrahim Ibrahim, Windows or Unix? On Windows I may be able to explain it, but not Unix. Read my reply to Andreas re version of OpennSSL. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] mail2web - Check your email from the web at http://mail2web.com/ . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ibrahim, I have Debian as well. I generally let apt-get (dpkg) handle everything. I tweak the Apache slightly. I would say that apt will handle your situation as well. I installed apache and then later installed apache-ssl. I seems to work fine but it also looks like there are 2 servers. In fact if you install only apache-ssl you do not have http, it seems. I only use my server for playing around on. I can experiment if that is of any help to you. I also have two more Debian machines that I can experiment with ... one is already running apache the other is not - but could be. My experience would indicate that your previous configuration will be preserved - sometimes even when you rather it did not. apt-get update apt-get upgrade These are the sources that I use. I am checking now to see what revs I am actually running (I am reasonably certain that apt-get updated the ssl in the past 2 weeks. I am running sshd as well and it needed the update as well. deb http://mirror.direct.ca/linux/debian/ testing main contrib deb-src http://mirror.direct.ca/linux/debian/ testing main contrib deb http://non-us.debian.org/debian-non-US woody/non-US main deb-src http://non-us.debian.org/debian-non-US woody/non-US main deb http://security.debian.org/ stable/updates main deb http://security.debian.org/ woody/updates main contrib non-free The resulting versions are ... Apache/1.3.26 (Unix) Debian GNU/Linux Apache/1.3.26 Ben-SSL/1.48 (Unix) Debian GNU/Linux I do not know enough about it, but the Ben-SSL may not be mod_ssl, it is listed as apache_ssl. Included in apache-ssl (Woody testing)... libc6 2.2.5-14.3 libdb2 2:2.7.7.0-8 libexpat1 1.95.2-6 libssl0.9.6 0.9.6g-2 this is important mime-support 3.19-1 apache-common 1.3.26-1.1 perl 5.6.1-7 libgdbmg1 1.7.3-27.1 perl-doc 5.6.1-7 logrotate 3.6.5-1 dpkg 1.10.4 openssl 0.9.6g-2 this is important apache-doc 1.3.26-1.1 I built the Apache, mod_ssl, OpenSSL (Win32) for Apache 1.3.26 but I do not use it - others asked for it. On windows I am using Apache 2.0.42 - it has (can have) the SSL built-in but I am not using it. If someone else would like to comment (not about using Windows) it would be appreciated. My suggestion... Add sources to security and testing if necessary and run: apt-get update apt-get upgrade Originally Woody had Apache 1.3.24 - my current rev were updated by apt-get update/upgrade. Chris. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: mod_ssl and apache 1.3.26
Hey , I too have the same requirement. I want to install(add module) only mod_ssl to existing apache and openssl . Many sites explain how to install apache with mod_ssl from their sources. but no where I found how to add the mod_ssl module alone. I appreciate if any one can help us in doing this. thanks ibrahim Original Message: - From: Andreas Schnell [EMAIL PROTECTED] Date: Sat, 28 Sep 2002 17:31:35 +0200 To: [EMAIL PROTECTED] Subject: mod_ssl and apache 1.3.26 Hey, I try to install mod_ssl. The problem is that the install manual just describes how to install it together with apache and openssl. Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't want to remove it just to install mod_ssl. Is there any way to install mod_ssl, even if apache and openssl is already installed ? I hope so. Any help is greatly appreciated. Thnx Andreas mail2web - Check your email from the web at http://mail2web.com/ . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
RE: mod_ssl and apache 1.3.26
Due to unaviodable circumstances, I am away from the office until the Monday 30th September 2002 I will get back to you as soon as i can on my return. If it's an urgent Online Learning Support Unit / Web/ MUBSWEB/ MUBS Online matter that requires urgent attention then please contact either Kirsteen1, Sanjay1 or Jeff1 who should be able to help. If the problem relates to mubsweb please contact sanjay1 If the probelm relates to OASIS or WebCT please contact Kirsteen1 If your query relates to mbs or it support please contact Jeff1 All the best Alex __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
Andreas Schnell wrote: Hey, I try to install mod_ssl. The problem is that the install manual just describes how to install it together with apache and openssl. Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't want to remove it just to install mod_ssl. Is there any way to install mod_ssl, even if apache and openssl is already installed ? I hope so. Any help is greatly appreciated. Thnx Andreas Andreas, Windows or Unix? On Windows I may be able to explain it, but not Unix. You should not continue to use OpenSSL 0.9.6c, there are serious exploitable flaws in versions less than 0.9.6g. In any case I think it matters more that mod_ssl be built with a specific version of OpenSSL. Adding the mod to Apache should be possible without reinstalling. However, by saving your httpd.conf and replacing it later, a refresh of the whole code base is not be a big deal in my mind. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
[EMAIL PROTECTED] wrote: Hey , I too have the same requirement. I want to install(add module) only mod_ssl to existing apache and openssl . Many sites explain how to install apache with mod_ssl from their sources. but no where I found how to add the mod_ssl module alone. I appreciate if any one can help us in doing this. thanks ibrahim Original Message: - From: Andreas Schnell [EMAIL PROTECTED] Date: Sat, 28 Sep 2002 17:31:35 +0200 To: [EMAIL PROTECTED] Subject: mod_ssl and apache 1.3.26 Hey, I try to install mod_ssl. The problem is that the install manual just describes how to install it together with apache and openssl. Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't want to remove it just to install mod_ssl. Is there any way to install mod_ssl, even if apache and openssl is already installed ? I hope so. Any help is greatly appreciated. Thnx Andreas mail2web - Check your email from the web at http://mail2web.com/ . __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED] Ibrahim, Windows or Unix? On Windows I may be able to explain it, but not Unix. Read my reply to Andreas re version of OpennSSL. -chris __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl and apache 1.3.26
On Sun, Sep 29, 2002 at 02:23:11AM -0400, [EMAIL PROTECTED] wrote: Hey , I too have the same requirement. I want to install(add module) only mod_ssl to existing apache and openssl . Many sites explain how to install apache with mod_ssl from their sources. but no where I found how to add the mod_ssl module alone. This is only possible if apache already has EAPI built in. To check do: ./httpd -V It should list: -D EAPI for the install without rebuilding apache to work. Also make sure that openssl is OpenSSL 0.9.6g. vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl and apache 1.3.26
Hey, I try to install mod_ssl. The problem is that the install manual just describes how to install it together with apache and openssl. Well... I have Apache 1.3.26 and openssl 0.9.6c already installed and don't want to remove it just to install mod_ssl. Is there any way to install mod_ssl, even if apache and openssl is already installed ? I hope so. Any help is greatly appreciated. Thnx Andreas