On Tue, 22 Jun 1999 [EMAIL PROTECTED] wrote:
> Full_Name: Gary Barrueto
> Version: 2.3.4-1.3.6
> OS: Solaris 2.6
> Submission from: (NULL) (209.185.98.79)
>
>
> Hiyas..
> I've compiled mod_ssl 2.3.4-1.3.6 + apache 1.3.6 on a solaris 2.6
> with gcc 2.7.2.3.
>
> The source compiles without any
On Wed, Jun 23, 1999, [EMAIL PROTECTED] wrote:
> [...]
> well 2.3.5 came out and I tried compiling it and and also mm-1.0.7.
> mm came out with two awk errors , so I built mod_ssl without mm..
Err.. and which Awk errors, please? How do you think I can fix
them when you don't give me details?
>
On Tue, Jun 22, 1999, [EMAIL PROTECTED] wrote:
> Ben Laurie <[EMAIL PROTECTED]> writes:
>
> > [EMAIL PROTECTED] wrote:
> > >
> > > You may want to consider a solution from F5 Labs or HolonTech that will
> > > always "route" data to a particular server based upon SSL session
> > > id. Otherwise,
On Tue, Jun 22, 1999, Mike Wood wrote:
> [...]
> BTW How easy is it to build stuff like Apache on an NT box? (I do have a
> linux box too if I could cross-compile?) I would love to be able to stay
> current with these things?
When you've MS VC++ 5.0 installed it's mainly matter of following the
On Tue, 22 Jun 1999 [EMAIL PROTECTED] wrote:
> Full_Name: Gary Barrueto
> Version: 2.3.4-1.3.6
> OS: Solaris 2.6
> Submission from: (NULL) (209.185.98.79)
>
>
> Hiyas..
> I've compiled mod_ssl 2.3.4-1.3.6 + apache 1.3.6 on a solaris 2.6
> with gcc 2.7.2.3.
>
> The source compiles without any
Ben Laurie <[EMAIL PROTECTED]> writes:
> [EMAIL PROTECTED] wrote:
> >
> > You may want to consider a solution from F5 Labs or HolonTech that will
> > always "route" data to a particular server based upon SSL session
> > id. Otherwise, you'll have a boat load of re-negotiations going on. Not that
That sped things up by a factor of 100 over the 2.3.4 code running
on glibc-2.0.6...
thanx
s
--On Tue, Jun 22, 1999 6:07 PM +0200 "Ralf S. Engelschall"
<[EMAIL PROTECTED]> wrote:
>
> Oouuu... he had a really nasty bug in the shared memory session cache
> variant: Once the session cache wa
My setup is that I have a Cisco LocalDirector, which load balances to a
bunch of machines, and each of these machines mount their /usr/locals to a
common fileserver. I have a sticky bit set in the LocalDirector to keep a
user session tied to one of my internal machines for 30 minutes. I use the
I use the contrib build of 2.2.6 for Win NT but I need the fix for the MSIE keep-alive
problem. Is it in 2.2.6 ?
Maybe I can do this from within my servlets to force no keep-alive instead:-
response.setHeader("Connection", "close");
BTW How easy is it to build stuff like Apache on an NT box? (I
[EMAIL PROTECTED] wrote:
>
> You may want to consider a solution from F5 Labs or HolonTech that will
> always "route" data to a particular server based upon SSL session
> id. Otherwise, you'll have a boat load of re-negotiations going on. Not that
> I endorse any of these products, but these are
"Ralf S. Engelschall" <[EMAIL PROTECTED]> writes:
> How about his quick try:
>
> rse@en1:/u/rse
> :> openssl ciphers -v "-ALL:RSA:-HIGH:-MEDIUM:-MD5:RC4-MD5:-RC4-64-MD5"
> DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
> EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA
On Tue, Jun 22, 1999, [EMAIL PROTECTED] wrote:
> How would one limit the key exchange to just RSA, and the ciphers to 40 and
> 56 bit DES with SHA, and 128 bit RC4 with MD5?
>
> I've tried various combos. For example:
>
> $ ssleay ciphers -v "-ALL:kRSA+DES+SHA:kRSA+RC4+MD5:-EXP:-LOW"
>
How would one limit the key exchange to just RSA, and the ciphers to 40 and
56 bit DES with SHA, and 128 bit RC4 with MD5?
I've tried various combos. For example:
$ ssleay ciphers -v "-ALL:kRSA+DES+SHA:kRSA+RC4+MD5:-EXP:-LOW"
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=M
You may want to consider a solution from F5 Labs or HolonTech that will
always "route" data to a particular server based upon SSL session
id. Otherwise, you'll have a boat load of re-negotiations going on. Not that
I endorse any of these products, but these are the few that I know of that
do this.
Oouuu... he had a really nasty bug in the shared memory session cache
variant: Once the session cache was filled the hash table library adjusted it
and there it used plain heap-based calloc() instead of the MM variant
of calloc(). This later caused the session cache related core dumps, of
cou
> > What happens is netscape reports a network IO error and doesn't load the page.
> > But it will transfer the SSL cert before that just fine..
> >
> > [Mon Jun 21 15:12:02 1999] [notice] child pid 8216 exit signal Segmentation
> > Fault (11)
I got this problem under SuSE-Linux 6.0 modssl-2.3.
> > In /var/run directory, the httpd.mm.sem file is
> > owned by root. Mustn't it be by nobody ?
> > When I chown to nobody, seems to work normally.
>
> It should be named by nobody, yes.
Why?
Is the server runnig as nobody? As far as I know, it's usually a bad idea
if nobody owns files, isn't
gdb tell me more about SIGSEGV
Program received signal SIGSEGV, Segmentation fault.
0x4058106a in table_first ()
(gdb) where
#0 0x4058106a in table_first ()
#1 0x4057afdc in ssl_scache_shm_expire ()
#2 0x4057a4ac in ssl_scache_expire ()
On Tue, Jun 22, 1999, GOMEZ Henri wrote:
> > > In /var/run directory, the httpd.mm.sem file is
> > > owned by root. Mustn't it be by nobody ?
> > > When I chown to nobody, seems to work normally.
> >
> [GOMEZ Henri] I could see there is 2 files in /var/run with .sem
> extensions :
>
>
> > In /var/run directory, the httpd.mm.sem file is
> > owned by root. Mustn't it be by nobody ?
> > When I chown to nobody, seems to work normally.
>
[GOMEZ Henri] I could see there is 2 files in /var/run with .sem
extensions :
httpd.mm.sem owned by root
ssl_scache.sem
Ralf,
When I was testing SSL on one of our sites I set my browser to use the cert for
all further sessions and when I had finished testing, the cert I had left in the
browser caused problems in that the browser(Netscape) would only display the page,
and maybe one image. In the log you get a seg
On Tue, Jun 22, 1999, GOMEZ Henri wrote:
> In /var/run directory, the httpd.mm.sem file is
> owned by root. Mustn't it be by nobody ?
> When I chown to nobody, seems to work normally.
It should be named by nobody, yes. There is a chown inside MM for this. And
it works fine on my box:
-rw-
On Mon, Jun 21, 1999, [EMAIL PROTECTED] wrote:
> Hiyas.. I've been having a problem with mod_ssl + solaris 2.6 + gcc
> 2.7.2.3(2?).. Basicly iy compiled fine but then in the error log it would
> say that its child processes would segfault when trying SSL..
> so I searched throught the logs and f
In /var/run directory, the httpd.mm.sem file is
owned by root. Mustn't it be by nobody ?
When I chown to nobody, seems to work normally.
Stay tunned.
...
. . S.L.I.B .
. [_] . 5 Place Charles BĂ©raudier .
.
> What happens is netscape reports a network IO error and doesn't load the page.
> But it will transfer the SSL cert before that just fine..
>
> Here's what is in the error_log
>
> [Mon Jun 21 15:12:02 1999] [notice] child pid 8216 exit signal Segmentation
> Fault (11)
>
I get the same behavi
> What happens is netscape reports a network IO error and doesn't load the page.
> But it will transfer the SSL cert before that just fine..
>
> Here's what is in the error_log
>
> [Mon Jun 21 15:12:02 1999] [notice] child pid 8216 exit signal Segmentation
> Fault (11)
>
I get the same behavi
I am using apache 1.3.6, mod_ssl 2.3.4-1.3.6, and mod_perl 1.20...
and I am having my error_log full of :
[Tue Jun 22 08:09:44 1999] [error] mod_ssl: SSL handshake interrupted by
system
[Tue Jun 22 08:34:14 1999] [error] mod_ssl: SSL handshake interrupted by
system
...
Not very usefull : It doe
There appears to be a problem on this page of your site.
On your page http://www.modssl.org/docs/2.0/
when you click on your link to
http://www.modssl.org/docs/2.0/directive-dict.html
you get the error: Not found
As recommended by the Robot Guidelines, this email is to explain our ro
On Mon, 21 Jun 1999, Dave Paris wrote:
> Greets,
>
> I've been sifting through FAQs and archives, but I'm left with a
> lingering question.
>
> Given the following configuration:
>
>
> +---+
> | router |
> +-
Hiyas.. I've been having a problem with mod_ssl + solaris 2.6 + gcc
2.7.2.3(2?).. Basicly iy compiled fine but then in the error log it would
say that its child processes would segfault when trying SSL..
so I searched throught the logs and found some had the same problem
and someon suggested to a
Just request a certificate for www.domain.com and put the
same keys and cert onto each of your xxx.10? machines.
The servers don't care about the CN (server name) in the
cert. And the browser always asks for a page from
www.domain.com and expects that server name in the cert.
It's really simpl
On Mon, Jun 21, 1999, Randy Lee wrote:
> I've got a netscape 4.5 client that is reporting an error something to the
> effect of "Security Lock Open" when conectiong to the SSL site
>
> anyone seen anything kinda like this? I've got no clue where to start the
> thread...
Security Lock Open?
On Mon, Jun 21, 1999, Mark Himsley wrote:
> [...]
> As a separate question: why does https://www.modssl.org/ fail to display all
> the graphics and sometimes refuse connections?
Ops, correct. I don't know. I've to investigate... thanks for the hint.
Ralf
On Mon, Jun 21, 1999, John Hamlik wrote:
> I am seeing the same thing here. Static compile with mm...
> > > Using mod_ssl 2.3.4 + apache 1.3.6 under Redhat 6.0 and
> > kernel 2.2.5-22
> > > Using mm library and fully rebuilt under RH6.0 box
> > >
> > > Any idea ?
> > > [...]
> > > open("/var/
34 matches
Mail list logo