]
remarks: [EMAIL PROTECTED] or [EMAIL PROTECTED]
mnt-by: APNIC-HM
mnt-lower:TM-NET-AP
changed: [EMAIL PROTECTED] 19990526
changed: [EMAIL PROTECTED] 20010124
status: ALLOCATED PORTABLE
source: APNIC
Can someone at Telekom Malaysia fix this please?
-
John Airey
that they could see that something useful was being done about
this problem. Now would you mind telling me how useful your post was?
Thank you.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2
, but there is a legacy
project to keep patches up to date.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Why do so many people who
We've had DNS problems, so I'm just checking whether this will be approved
to the list immediately.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0
reason I can think of
for not enabling SSL on port 443.
Also, check that you have the mod_ssl package installed with rpm -q
mod_ssl. That will probably explain your woes.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind
Yes, but it didn't come from Ralf. Check the headers. Someone who has a
message from this list at some time somewhere on their hard disk is
infected. It's even possible that they've never been subscribed (eg they
just looked at the archives).
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet
for this).
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
There is more historical evidence for the existence of Jesus Christ than
This isn't really a mod_ssl issue, but I suggest you use the absolute path
for included php as the current directory is probably where the httpd binary
is, or perhaps where the config files are.
(I changed the subject as my last post was rejected, somehow)
-
John Airey, BSc (Jt Hons), CNA, RHCE
checked the situation with
SP4 (yet).
The official line from Microsoft is that IE5.01 SP2 is no longer available,
as it is in the extended support phase:
http://www.microsoft.com/windows/ie/support/ie51exsupport.asp
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD
That hasn't answered my question about which exact version it is. Is it SP1,
SP2, SP3 or no service pack? Those are the details that are needed to look
into this. If in fact the end user hasn't applied Microsoft's patches to
Microsoft's browser, how can that be your problem?
-
John Airey, BSc
particularly well).
I don't see a great deal of point in putting resources into solving this
one, except to ask what SSLSessionCache settings are you using? These have
been known to cause problems with IE.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal
I use
SSLSessionCache shm:logs/ssl_scache(512000)
SSLSessionCacheTimeout 300
and it works for me...
John
-Original Message-
From: Torvald Baade Bringsvor [mailto:[EMAIL PROTECTED]
Sent: 29 July 2003 12:48
To: '[EMAIL PROTECTED]'
Subject: RE: Problems with old MSIE 5.0
I've just double-checked and the Red Hat 7.3 RPM packages (apache-1.3.27-2
and mod_ssl-2.8.12-2) use dbm instead of the shm caching that was in 7.2:
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout 300
I hope this hasn't sent you off the wrong way...
-
John Airey, BSc (Jt
Do you have the ipchains or iptables firewall enabled? Try service ipchains
stop and service iptables stop to disable it completely and then try
again. In the former case lokkit will allow you to configure your firewall
to accept connections on the relevant ports.
-
John Airey, BSc (Jt Hons
a localhost.localdomain cert. I take
it that the above paths are where your key and certificate are?
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
/domain.key
In your configuration? If not it will probably still be using
the default
configuration, which I think will have a
localhost.localdomain cert. I take
it that the above paths are where your key and certificate are?
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems
Did you install the mod_ssl package too? Did you know that Red Hat renamed
the package from apache to httpd (for some kind of consistency I guess,
although confusing to those who know about it already).
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal
, but it worked fine with one of the betas.
I could make up some RPMs for the latest openssl version, but I've not had
any demand (or much time. I've spent most of the last three weeks trying to
rebuild an evil windoze server).
See the openssl FAQ for some more details.
-
John Airey, BSc (Jt Hons), CNA
I've just received an email from GlobalSign that makes it appear that
Wildcard certificates are still financially viable. If anyone wants details
can they contact me off the list.
Thank you.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute
:
http://search.cpan.org/author/CHAMAS/Crypt-SSLeay-0.49/
I'm sorry, for what? For requesting https?
- nick
Have you tried requesting these pages another way, eg with a browser or even
curl (http://curl.haxx.se)? Like Mads says, it does look to be a client
error.
-
John Airey, BSc (Jt
/ladyraquel/secure
SSLRequireSSL
/Directory
/VirtualHost
See the SSLRequireSSL directive for more details.
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC22
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind
REMOVE THE REDHAT OPENSSL PACKAGE. You'll have even
more problems if you do...
Like Owen, I don't think you can build mod_ssl without mm either.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2
=~ s|($hi)|$1|;
}
print $l;
}
!
Is something broken? The contrib part is no longer linked to from the top
level http://www.modssl.org either.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough
in the openssl FAQ).
If there's sufficient demand I'll make up an openssl 0.9.7 RPM for RedHat
users. So far no-one has asked...
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44
For just under $2000, Security space will give you a report on it.
http://www.securityspace.com/s_survey/payrepdetail.html?ym=200212cat=Apache
Techrepid=10903
(Which explains why the links on the modssl site to statistics are out of
date).
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet
Oops, my mistake. The page
http://www.securityspace.com/s_survey/payrepdetail.html?ym=200212cat=Apache
Techrepid=10903 says 1.4 million mod_ssl sites out of 5.3 million Apache
sites.
I'd reckon that mod_ssl is the number one secure server on the 'net.
-
John Airey, BSc (Jt Hons), CNA, RHCE
had a security auditor recently who said much the same.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Nearly
-Original Message-
From: Boyle Owen [mailto:[EMAIL PROTECTED]]
Sent: 24 January 2003 10:09
To: [EMAIL PROTECTED]
Subject: RE: Verifying enabled ciphers?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Nearly everything we believe is second hand.
Apologies for the last message everyone. I thought I was sending it
personally, and not to the list.
Must pay more attention in the mornings.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2
, they were
losing money by issuing them. We had to give a statement last year on how
many sites we'd run it on and agreed a price for them.
I will check with my contacts within Thawte and get a definitive response.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal
wildcard
certificates when we renewed last year.
I'll post exact details when I get them.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848
.
It looks highly likely that this will be the first year since 1998 that we
don't continue with wildcard certificates and go back to managing
certificates individually.
Thanks for raising this one Mads. Hopefully the position is now clear.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems
httpd.conf configuration file (with any data you don't want
made public removed) would be most useful.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733
Will the file be fairly large then?
Try setting these to 8M and 16M respectively (if you have enough memory that
is), do a reload of the config and see if the problem repeats. It may be the
case that there is a large overhead on the forms that you are submitting
(since each field becomes a PHP
I've just re-read the original posters message, and it is possible that when
they say the system is self-built that they built an older version of
openssl. However, given what I've already said that is unlikely.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD
Sorry to be slow on the uptake. How big is your POST? I had an issue with
memory_limit, post_max_size and upload_max_filesize (all in /etc/php.ini).
If your POST is bigger than the limits within php, the script may give up.
This could be the cause of what you are seeing.
-
John Airey, BSc (Jt
Oops. I meant to say that you should have memory_limit twice
upload_max_filesize. I've had problem when they've both been the same.
John
-Original Message-
From: Jan-Piet Mens [mailto:[EMAIL PROTECTED]]
Sent: 17 December 2002 16:50
To: [EMAIL PROTECTED]
Subject: RE: POST with
is it worth
recompiling, and in that case you can use /usr/local/ssl or /usr/local to
build it in (ie, don't overwrite the /usr/bin/openssl file). Although as you
are in the US then you are restricted by a number of US patents anyway. See
the openssl FAQ for more information.
-
John Airey, BSc (Jt
Challenge/Response (as this
prevents Netscape or Mozilla getting into your mailbox) and basic
authentication. We do get a niggly message your password will expire in 0
days, but we just ignore it.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National
/IIS4 we've disabled both Challenge/Response (as this
prevents Netscape or Mozilla getting into your mailbox) and *anonymous*
access. We do get a niggly message your password will expire in 0 days,
but we just ignore it.
If you followed my last message, you'd never get in. Doh!
-
John Airey, BSc (Jt
.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
If we could learn one thing from September 11th 2001, it would be the utter
this since version 7.0. With version 8.0,
the apache package name disappears and is called httpd instead. I guess
they are synchronising the names of the packages to match the daemon names,
although I haven't yet checked to see if bind has become named.
-
John Airey, BSc (Jt Hons), CNA, RHCE
an RPM or compiled
it myself, so hopefully version 8.0 does what I haven't managed yet.
Thanks for the information.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299
. On your system you might need apachectl reload instead as
the above example is for a Red Hat Linux system.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0
An rpm for mod_ssl comes with Red Hat 7.2 (I assume that's what you are
referring to). As for latest, there should be an update available from Red
Hat fairly soon.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell
in.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Theories of evolution are like buses - there'll be another one along
with 7.3 though. You'll break
several packages that come with 7.3 such as ssh, sendmail and nearly all the
email programs.
I used to compile apache and mod_ssl, but now I prefer to wait for the
packages from Red Hat.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal
,
then you don't
have a firewall on the server. If you get anything else, it could be
stopping packets coming in.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National
Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0
Could you eloborate on why you say that reverse proxy with SSL won't work?
We've been running it for years on our Exchange system here, although
granted that uses 5.5 rather than 2000. Testing of access to OWA 2000 is on
my to-do list.
Thank you.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet
at http://httpd.apache.org/docs/mod/mod_access.html#allow
doesn't all work for me.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
haven't
heard from them soon, I will probably release an update myself.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED
in
their latest version. I didn't even get told this when I rang their support
department.
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
So why do your telephone support people not know about this? They advised me
to log it on bugzilla in the first place. Why isn't this page linked to from
your errata site? That's where people look for updates. Why no information
to CERT or Bugtraq?
You're beginning to make Microsoft look
That depends on which firewall you have. Mail me off the list with details
and I'll see what I can do to help.
I was hoping to speak at this year's apachecon on Apache and Firewalls,
but it wasn't to be! Maybe next year...
-
John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer
Try this instead
openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out ca.key 1024
Where file1 to file5 are reasonably random files. Log files are handy for
this.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough
://curl.haxx.se
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Is the statement 'There is no such thing as truth' true?
-Original Message
There's always the possibility of a wildcard certificate, but you'd need to
have the same domain name throughout. Some browsers don't work with them.
See www.thawte.com for details.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road
Sounds like you have some absolute links rather than relative links. You can
also use
proxypass /test https://other-subdomain.ourdomain.com
If the data needs to be secured between the proxy and the destination
server.
-
John Airey
Internet systems support officer, ITCSD, Royal National
and reinstalled
because of the number of dependencies on them.
Likewise, I'd never use no-deps without a really really good reason.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0
I tried exactly the same on RedHat 7.2, with the same result. If there is a
way round this I'd like to know as well, as for now I've given up on Apache
2.0 with RedHat 7.2.
Out of interest, is the user and group set to apache in the httpd.conf
file. Does the apache user and group exist?
You
have two other options (at least).
1.
Download the Apache-mod_ssl rpm from http://www.modssl.org/contrib/
2.
Upgrade to RedHat 7.0 or above, as this comes with it.
Either
way, keep a backup of your httpd.conf file, just in case.
- John Airey Internet
systems support officer, ITCSD
brings me to the point. Are you using the packages that came with
RedHat 7.2, or compiling your own? In the latter case, you may be seeing
conflicts with the openssl libraries that come with Red Hat 7.2. I've had no
difficulties with the packages that come with Red Hat 7.2 thus far.
-
John Airey
.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
If Charles Darwin knew a fraction of what scientists know today, he'd never
have written the Origin
on some Windows 2000 machines.
Don't we just love Microsoft?
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
If Charles Darwin knew a fraction
I believe you need openssl installed as you do with the apache 1.3 mod_ssl
combination. At the very least you need /lib/libcrypto.so.0 and
/lib/libssl.so.0.
John
-Original Message-
From: Frederik Uyttersprot [mailto:[EMAIL PROTECTED]]
Sent: 16 May 2002 12:26
To: [EMAIL PROTECTED]
Answering my own post, the line
RequestHeader unset Authorisation
in Apache 2.0.36 config fixes this issue. I've also been sent a dirty hack
of mod_proxy from someone else to do the same.
Perhaps putting the line a little off topic in my post stopped everyone
reading it!
John
-Original
weeks before Code Red hit
saying that IIS is not safe to use, some people still insist on using it.
(Apologies for the bad word-wrapping).
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax
The list has been quiet for nearly six hours. I'm getting concerned
(especially as I've not had a response to the last post).
Oh well, off to compile Apache 2.0 I go.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2
a loquitor (I'm not sure of the spelling,
but it means the thing speaks for itself. It's used a lot in law).
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
.
I'm not sure what you mean about information being signed with a given key.
Do you mean a personal key like a digital signature, or do you mean the SSL
key?
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute of the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0
to factor in AOL users who apparently (urban myth?)
change IP addresses every few seconds. I haven't seen anything on Bugtraq
recently about IP hijacking, but then again I delete more emails from
Bugtraq than I do from this list.
-
John Airey
Internet systems support officer, ITCSD, Royal National
that 512bit keys are now breakable via desktop machines. Allegedly the
US Government has the power to break 1024 bit keys. There's been a lot of
discussion about this on Bugtraq recently.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road
I've attached the email notification from Red Hat about the latest rpm for
mod_ssl (I did this in Outlook, so probably no-one else can read it).
Unless you are running client certificates, there's no rush to put this on
your system.
-
John Airey
Internet systems support officer, ITCSD, Royal
/downloads/recommended/ie501sp2/default.
asp)
I can't find a definitive answer on the MS site, like a list of bugs fixed
with SP2. IE5.01SP2 is apparently the lowest supported browser by MS now.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road
headers, whilst the
libraries used are the newer version of openssl that you've compiled.
I'll be trying this kind of installation out myself soon for Red Hat 7.2, as
the lag in versions that Red Hat provide is becoming irritating. If you are
still stuck I'll speed myself up a bit!
-
John Airey
often.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Evolution - A crutch for scientists who can't handle the existence of the
creator. See
This has been sent out by CERT as well. However, I'd be curious to find an
administrator who isn't on either CERT or Bugtraq though, especially one who
administers multiple systems as many of us do.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind
wildcard certificates, but other than the
original IE5 refusing them unofficially it does. In fact, there were
enormous bugs with IE5 (pre version 5.01).
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0
certificates, but other than the
original IE5 refusing them unofficially it does. In fact, there were
enormous bugs with IE5 (pre version 5.01).
-
John Airey
Internet systems support officer, ITCSD, Royal National
Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax
internally with IE
and SSL. IIRC that was with IE5.0 and no service packs. We currently use
IE5.5SP2 corporately (yuk!) again without SSL related problems.
Of course, YMMV. In an event, you'll find Thawte staff very helpful.
-
John Airey
Internet systems support officer, ITCSD, Royal National
.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
Agnostic (Greek) = Ignoramus (Latin)
-
NOTICE: The information contained in this email and any
.
This works because / appears in every single web request, so will match
all requests under your secure site.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
if you
try the shm ssl session cache? Some people have reported that things start
working after using shm.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL
are the release dates, mod_ssl, Apache and openssl versions).
2.8.5 was released on 16th October, and openssl 0.9.6c was released on 21st
December, hence my statement that it should work with 0.9.6b or 0.9.6c.
Unless Ralf can say otherwise, it looks like 2.8.5 should build with 0.9.6.
-
John
I'd
suggest you try this for SSLSessionCache instead:
SSLSessionCache
shm:logs/ssl_scache(512000)
It
seems to fix it for most users.
-John AireyInternet systems support officer, ITCSD,
Royal National Institute for the Blind,Bakewell Road, Peterborough PE2
6XU,Tel.: +44 (0) 1733 375299
Some versions of Lynx do not have support for SSL compiled in. I suggest you
get hold of a version that does, or compile it with SSL support.
Have a look at http://lynx.isc.org/ for more details.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind
/Content/Certificates and
click the Trusted Root Certification Authorities. If Equifax isn't listed,
then that is your problem.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0
) root privileges. QED.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-
NOTICE: The information contained in this email and any attachments
the circuit board if you remove it.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-
NOTICE: The information contained in this email and any
work as well:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(.*)$
RewriteRule ^(/test/.*)$ https://remotewebserver/test1/$1 [P]
No doubt someone else knows a more elegant usage of mod-rewrite.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind
1.3.20 and
1.3.22 are for Windows anyway.
Incidentally, did you install the openssl-devel RPM package? Without that
you can't compile Apache-mod_ssl.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733
try the shm version, eg:
SSLSessionCacheshm:/var/run/ssl_scache(512000)
Seems to work better for everyone.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733
: I've
spent the last fortnight testing a single CD method of patching NT/IIS that
works for all the NT servers and workstations I support, yet the procedure
for updating our Linux boxes was written and completed in an afternoon.)
-
John Airey
Internet systems support officer, ITCSD, Royal
The commented out Listen 443 and Listen 80 are probably part of your
problem, however, I'd suspect that your httpd.conf is missing the following
from the relevant sections also:
LoadModule ssl_module modules/libssl.so
AddModule mod_ssl.c
-
John Airey
Internet systems support officer
as it is!)
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-
NOTICE: The information contained in this email and any attachments is
confidential
on an Apache web server? What's that? I've never heard of such a
thing! I count the downtime on our servers in seconds per year, and that's
only for restarting each time apache-mod_ssl is updated. IIRC each restart
takes around 20 seconds.
Microsoft dig deleted - the choir aren't interested
-
John
. I imagine there are
far fewer of those about. Speaking personally, if anyone can't access any of
our sites with IE4, I won't be trying to fix it!
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733
is
encrypted.
No, communication between https://secwww.company.com between
another-machine.company.com is not encrypted. If another-machine.company.com
supports SSL, you can use https:// in your ProxyPass directive. The last
time I looked, this was not documented in the mod_ssl documentation.
-
John Airey
at IE6.
-
John Airey
Internet systems support officer, ITCSD, Royal National Institute for the
Blind,
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED]
-
NOTICE: The information contained in this email and any attachments is
confidential
For my log rotation, I use this shell script every month:
#!/bin/csh
# Written by John Airey 30/6/2000
# Move Apache log files and reload Apache web server
/bin/mv /var/log/httpd/* /var/log/httpd/archive
/etc/rc.d/init.d/httpd reload
The log files that are created are then burnt onto CD
1 - 100 of 201 matches
Mail list logo