key size of 384 gives problem on server

2001-03-22 Thread Pradeep kamath
Hello, I am using "openssl req" command to generate a private key and certificate request for an apache-mod_ssl server. Here I have to specify the keysize in bits...if a keysize less than 384 is given openssl reports that the size should at least be 384. If a size of 384 is given the key and certi

RE: Apache Bench equivelant for SSL?

2001-03-22 Thread David Rees
Have you looked at Siege? http://www.joedog.org/siege/index.html It does pretty much the same thing as the Apache ab tool, and more. -Dave > -Original Message- > From: [EMAIL PROTECTED] > > I'm not really looking at benchmarking web servers, but to run performance > analysis on some of

RE: Which SSLSessionCache to use for best performance?

2001-03-22 Thread David Rees
> -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Thorpe Thanks for the lowdown on both session caches, Geoff. It really seems to me that at this point, the shmcb cache should no longer be part of the SSL_EXPERIMENTAL code, and even be made t

RE: https problem - port 443 problem

2001-03-22 Thread David Rees
You definitely don't need to be running both sslstart and then start, just running sslstart should start up both http and https servers running on port 80 and 443. You should have these statements in your httpd.conf Port 80 Listen 80 Listen 443 If not, something else weird is going on. -Dav

RE: Which SSLSessionCache to use for best performance?

2001-03-22 Thread Geoff Thorpe
Hey there, Warning: long mail ahead. I've been meaning to explain some details of shmcb for a while and here it is. I can now recede further into my woodwork knowing that I've brain dumped a little :-) If you're at all interested in this stuff please take a squint through this. It may also help t

Re: https problem - port 443 problem

2001-03-22 Thread AndersonCreations.com
Thanks Dave, Here are the results... I have been starting the server with /usr/local/sbin/apahectl sslstart Then /usr/local/sbin/apahectl start (Am I supposed to do both - in that order?) I installed curl (http://curl.haxx.se/) and tested via the terminal When I type... /usr/local/bin/cur

RE: https problem - port 443 problem

2001-03-22 Thread David Rees
It sounds like you are not running "apachectl startssl", and just running "apachectl start". Personally, I've found those statements a PITA. What I do is replace all statements with , except for the ones around the mod_ssl LoadModule and AddModule lines. Then if I want to turn off mod_ssl, I

https problem - port 443 problem

2001-03-22 Thread AndersonCreations.com
Hello there, I have spent hours poring over the archives of this list to find an answer to this problem. It seems that none of the answers, so far, match this problem "exactly." In other words, I have tried everything and nothing works. No matter what I do, I get "Server not accepting connect

RE: Which SSLSessionCache to use for best performance?

2001-03-22 Thread David Rees
Your configuration looks good, but I'm pretty sure that --enable-rule=SSL_EXPERIMENTAL should be part of your APACI_ARGS when configuring mod_perl, not when configuring mod_ssl. Of course, if it works, maybe Ralf moved shmcb out of the SSL_EXPERIMENTAL code? I'll have to look at the source to ch

Why stdin in mod_ssl?

2001-03-22 Thread Harrington_Thomas
Browsing through the mod_ssl source code, I notice that ssl_engine_config.c has a reference to stdin. Unfortunately I don't know lex/flex well enough to understand why. What's up? When does mod_ssl need to read stdin? I know that the default SSLPassPhraseDialog setup will cause it to prompt

RE: FYI - Equifax reselling Verisign Global SGC certs at cost!

2001-03-22 Thread Paul McGarry
> Given my experiences of Verisign's customer service, I often > wonder what > exactly they do for me. Well, they gave me something to laugh about this morning. http://www.microsoft.com/technet/security/bulletin/MS01-017.asp -- Paul McGarry mailto:[EMAIL PROTECTED] Systems Integrat

RE: Which SSLSessionCache to use for best performance?

2001-03-22 Thread Max Clark
Hey thanks David, Quick follow up: (I've attached my build instructions with the modifications for SSL_EXPERIMENTAL below, can you check?) Should I assume that the "shmcb" cache would look something like this? SSLSessionCache shmcb:/u1/httpd/logs/ssl_scache(1024000) SSLSessionCacheTime

RE: apache 1.319 + modssl 2.8.1 on windows

2001-03-22 Thread Deocs Postmaster
At 02:06 PM 03/22/2001 , you wrote: >I'm currently having the same problem: mod_ssl.c can't compile because it >finds lots of syntax errors in wincrypt.h (which obviously SHOULD compile >without errors, but it's having problems finding defns for HRESULT, DWORD, >etc.) > >Any idea how to fix thi

RE: Apache Bench equivelant for SSL?

2001-03-22 Thread Jeffrey Burgoyne
I'm not really looking at benchmarking web servers, but to run performance analysis on some of our on-line systems. stunnel seems workable. Year end hours must make my brain fuzzy because I should have thought of that. I also considered putting SSL into the ab program itself. It doesn't actual

Re: what is this?

2001-03-22 Thread Deocs Postmaster
> >Hi, >What has happened is that someone has telneted into your web server and >issued a get command. AFAIK no great mischief can be done by this. I believe >that I'm correct in saying that this is a feature of apache. >Try it for yourself. >I have a test server called testweb, if I do the follo

RE: Which SSLSessionCache to use for best performance?

2001-03-22 Thread David Rees
Hi Max, > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Max Clark > > Hi all. > > I have been tuning my web farm (for the past 6 months now), and > have had the > typical MSIE SSL issues along the way. I stumbled across a post today > regarding the

RE: Apache Bench equivelant for SSL?

2001-03-22 Thread David Rees
Take a look at the program siege, (search on freshmeat.net), it benchmarks web servers over SSL pretty well. -Dave > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Burgoyne > > People; > > Is anyone aware of a tool like apache bench (a

Which SSLSessionCache to use for best performance?

2001-03-22 Thread Max Clark
Hi all. I have been tuning my web farm (for the past 6 months now), and have had the typical MSIE SSL issues along the way. I stumbled across a post today regarding the SSLSessionCache (my config is below), and my question is which session cache will give the best performance for my system? I ne

Re: Apache Bench equivelant for SSL?

2001-03-22 Thread [EMAIL PROTECTED]
> Is anyone aware of a tool like apache bench (ab) for SSL? Try running ab thru stunnel __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PR

Re: [PATCH] EBCDIC Fix for mod_ssl 2.8.x

2001-03-22 Thread Ralf S. Engelschall
On Thu, Mar 22, 2001, Martin Kraemer wrote: > The appended patch fixes the (on EBCDIC-based machines) erroneous > comparison between the configured ServerName (EBCDIC) and the Canonical > Name from the certificate (extracted raw => ASCII). > > The effect of this bug was a warning during startup:

Apache Bench equivelant for SSL?

2001-03-22 Thread Jeffrey Burgoyne
People; Is anyone aware of a tool like apache bench (ab) for SSL? Jeff Burgoyne [EMAIL PROTECTED]

Re: what is this?

2001-03-22 Thread Owen Boyle
Jon Lawrence wrote: > What has happened is that someone has telneted into your web server and > issued a get command. AFAIK no great mischief can be done by this. I believe > that I'm correct in saying that this is a feature of apache. It is a feature of *all* HTTP servers. They are all open to a

Re: what is this?

2001-03-22 Thread Jon Lawrence
- Original Message - From: "Deocs Postmaster" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 22, 2001 12:16 PM Subject: what is this? > Users, > > I found this in my access log this morning. The server is > > Apache-1.3.19+mod_ssl-2.8.1 with mod_dav under Win2K > an

RE: FYI - Equifax reselling Verisign Global SGC certs at cost!

2001-03-22 Thread Ted Rolle
Sounds like a job for ... OpenCA!!! -Original Message- From: Thornton Prime [mailto:[EMAIL PROTECTED]] Sent: Thursday, March 22, 2001 08:21 To: [EMAIL PROTECTED] Subject: Re: FYI - Equifax reselling Verisign Global SGC certs at cost! What is 'at cost'? I'm glad to see EquiFax offering

Re: FYI - Equifax reselling Verisign Global SGC certs at cost!

2001-03-22 Thread Thornton Prime
What is 'at cost'? I'm glad to see EquiFax offering competitive rates, but seriously, IMNSHO these prices are still marked up several times what it actually costs them. Given my experiences of Verisign's customer service, I often wonder what exactly they do for me. thornton On Thu, 22 Mar 20

Re: what is this?

2001-03-22 Thread Thornton Prime
Someone was testing to see if your machine is an open proxy. It appears (from the 200 result code) that it is. 63.251.5.48 = InterNap, and I'm guessing they are not authorized users? It's not an ssl issue. You should look at the mod_proxy documentation to make sure you are configured correctly.

FYI - Equifax reselling Verisign Global SGC certs at cost!

2001-03-22 Thread Tony Villasenor
-- Forwarded message -- Date: Thu, 22 Mar 2001 10:56:43 -0500 From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Reselling Verisign Global SGC certs From today to March 28, Equifax is selling Verisign 128-bit Global Server Gated Crypto certificates at cost. The Verisign pric

PRNG seeding problems with mod_ssl v2.8.1

2001-03-22 Thread Marko Asplund
Hi, I'm having problems starting Apache v1.3.19 compiled with mod_ssl v2.8.1-1.3.19 (OpenSSL v0.9.6) on HP-UX B.11.00 and SunOS v5.6 platforms. Apache starts normally when the mod_ssl SSL configuration is read (-DSSL option), but when Apache is started without reading the SSL configs i

Re: what is this?

2001-03-22 Thread Rude Yak
Most likely, somebody is trying to see if they can use your Apache server as a web proxy. Based on the status code and file size returned, I would guess that your server is not running the proxy module and the default virtual host responded instead. --- Deocs Postmaster <[EMAIL PROTECTED]> w

[PATCH] EBCDIC Fix for mod_ssl 2.8.x

2001-03-22 Thread Martin Kraemer
Hi, The appended patch fixes the (on EBCDIC-based machines) erroneous comparison between the configured ServerName (EBCDIC) and the Canonical Name from the certificate (extracted raw => ASCII). The effect of this bug was a warning during startup: [22/Mar/2001 12:55:17 00052] [warn] Init: (BCA

RE: what is this?

2001-03-22 Thread John . Airey
Never seen it before, but it looks like someone has their DNS set to your server and thinks your server can return www.yahoo.com to their browser. I'm assuming you aren't hosting www.yahoo.com on your server? The last two figures are the html error code (200) and the size of the page returned (1

what is this?

2001-03-22 Thread Deocs Postmaster
Users, I found this in my access log this morning. The server is > Apache-1.3.19+mod_ssl-2.8.1 with mod_dav under Win2K and hosts both HTTP and HTTPS. 63.251.5.48 - - [22/Mar/2001:05:40:58 -0500] "GET http://www.yahoo.com/index.html HTTP/1.1" 200 1048 Has anyone else seen this, or know what