-users@modssl.org
Subject: Re: Specifying the openssl version used with mod_ssl
Hello Gunner,
Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?
Regards,
Gregg
Gunner Geller wrote:
> Hello,
>
> We are using mac Leopard OS. We have rolled our own Apac
version. However when we compile Apache and enable mod_ssl it
still uses the old OpenSSL version. We can see it in our http headers:
Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l
When typing "openssl version" from my account and the root account I get:
OpenSSL 1.0.0a 1 Jun 2010
Hello,
We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
separate from the default install. We have also rolled our own OpenSSL to
the latest version. However when we compile Apache and enable mod_ssl it
still uses the old OpenSSL version. We can see it in our http headers
Hello,
regarding http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
there seem to be different ways to enable ephemeral keying by using
SSLCipherSuite in the mod_ssl config.
If I specify kEDH for the kex algorithm, does it mean that the key
exchange is not integrity protected by using RSA/DSA (b/c
)
SSL Library Error: 336027900 error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to
HTTPS port!?
[client ::1] Connection closed to child 9 with abortive shutdown
(server localhost:443)
I am using mod_ssl/2.2.11 compiled against Server: Apache/2.2.11
siness Web | 650-549-3454
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
Hello,
I would like to do the following (Apache 2.2 config):
AuthUserFile /dev/null
#SSLOptions +ExportCertData +FakeBasicAuth
SSLOptions +FakeBasicAuth
#SSLRequire (%{SSL_CLIENT_S_DN_O} in {"ClientO1", "ClientO2"})
AuthLDAPURL "ldap://192.168.1.3:389/dc=testnet,dc=de?uid";
AuthType Basic
I need to implement a FIPS 140 compliant version of mod_ssl. Is there a
patch file or a distribution of mod_ssl
currently available for download which can be used in conjunction with
the fips compliant libopenssl?
I found a link to a patch file for modssl in a message sent earlier in
2008 but
modssl.org
Subject: RE: Need to add/enable/install mod_ssl
Dave and All:
Ok, now I know I can try the directives in my apache.
Althought by the directives SSLRandomSeed it´s indicating I have the mod_ssl
installed, I checked and the files mod_ssl.so and mod_ssl.c are not in the
paths indicat
Dave and All:
Ok, now I know I can try the directives in my apache.
Althought by the directives SSLRandomSeed it´s indicating I have the mod_ssl
installed, I checked and the files mod_ssl.so and mod_ssl.c are not in the
paths indicated, not in libexec/, nor in module/.
How do I get those files
David,
that was what I thought earlier. But since I´m told this directive is for
Apache 1.x, and not Apache 2.0 (which is mine), I wonder how differ the
directive to include to httpd.conf. What I mean is that I think I hv the
mod_ssl installed, but not enabled yet, and to enable, if it´s
All,
I´m told that having the directives in httpd.conf
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
means that my apache is configured with mod_ssl (thanks to the guy that told me
so!)
Now the question risen up is how do I do to have my https working? As I
mentioned below
Hi, experts:
>> Here are the environment configuration:
>> Web server: Apache/2.0.46 (Unix) mod_jk/1.2.4
>> Server: -HP-UX
>> Tomcat: 4.0
I have a apache already installed (by other team, which doesnt know if there´s
the module mod_ssl). The final purpose is to secure
All,
My apache installed is has only the mod_jk.sl in the "libexec/" directory.
I want to know what I need to do in order to to configure my current http to
https? I know this is a very general question, but to start, I guess I need to
include the directives in httpd.conf:
1)
LoadModule
Hello,
Can MOD_SSL be configured to only use the FIPS 140-2 complaint openssl ???
Ed
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt
are running the
newer apache tree.
Thanks,
Ron DuFresne
On Tue, 1 Apr 2008, Sir June wrote:
I have a Solaris box with Apache 2.2.3 and mod_ssl 2.2.3. Our security
consultant ran a vulnerability software and the report recommended to upgrade
to mod_ssl 2.8.24 or higher. Is this
I have a Solaris box with Apache 2.2.3 and mod_ssl 2.2.3. Our security
consultant ran a vulnerability software and the report recommended to upgrade
to mod_ssl 2.8.24 or higher. Is this possible ? as i only see
releases for Apache 1.3.x What are your recommendations?
thanks
I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as
well. My concern is about the two vulnerabilities
(htp://www.securityfocus.com/bid/10736/info,
htp://www.securityfocus.com/bid/4189/info). I do not have any information
whether or not these two vulnerabilities
I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as
well. My concern is about the two vulnerabilities
(http://www.securityfocus.com/bid/10736/info,
http://www.securityfocus.com/bid/4189/info). I do not have any information
whether or not these two vulnerabilities
I've found a solution to this problem. You have to use the version of
OpenSSL installed on your machine. In my case, it's 0.9.7l (the latest
version Apple is supporting). When I tried configuring mod_ssl with
SSL_BASE=SYSTEM, it failed saying it couldn't find the OpenSSL l
Looking for last minute shopping deals?
Find them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
______
Apache Interface to OpenSSL (mod_ssl) www
___
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
______
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
Hi,
I am trying to run Apache 1.3.39 with mod_ssl 2.8.30, openssl 0.9.8g and
mm 1.4.2. I am able to successfully compile it, but when I start Apache
in SSL mode, it exits immediately. Looking in the error log, I see the
following message:
dyld: lazy symbol binding failed: Symbol not found
2007 at 02:10:17PM -0600, Chris Jordan wrote:
> > Hi folks,
> >
> > I'm a complete newbie to compiling apache, and I'm trying to install my
> > first SSL certificate. All instructions I can find so far all assume
> that I
> > have mod_ssl installed already.
On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote:
> Hi folks,
>
> I'm a complete newbie to compiling apache, and I'm trying to install my
> first SSL certificate. All instructions I can find so far all assume that I
> have mod_ssl installed already.
>
>
As of Apache 2.x mod_ssl is included in the distribution. All you
should have to do is enable the module in the configuration file.
Rich
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
Hi folks,
I'm a complete newbie to compiling apache, and I'm trying to install my
first SSL certificate. All instructions I can find so far all assume that I
have mod_ssl installed already.
I'm willing to install it, but all of the references I can find to the
latest and grea
Hello. I'm having trouble compiling Apache with mod_ssl, on an MacBook
Pro running Mac OS 10.5.1. I'm trying to build the following programs
(rather than using the ones that come with the OS):
openssl-0.9.8g
mm-1.4.1
mod_ssl-2.8.30-1.3.39
apa
an someone tell me
what I'm doing wrong below?
-Thanks
tar zxvf apache_1.3.33.tar.gz
tar zxvf mod_ssl-2.8.24-1.3.33.tar.gz
tar zxvf openssl-0.9.6b.tar.gz
tar zxvf mod_perl-1.0-current.tar.gz
cd openssl-0.9.8b
./config
make
cd ..
cd mod_ssl-2.8.24-1.3.33
./configure \
--with-apache=.
On Mon, Sep 10, 2007, Ralf S. Engelschall wrote:
> Apache 1.3.39 was released recently.
> An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too.
> Find it on: http://www.modssl.org/
Unfortunately, there was a bug in the auto-generated patch caused by a
changed amount of pa
Apache 1.3.39 was released recently.
An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too.
Find it on: http://www.modssl.org/
Ralf S. Engelschall
[EMAIL PROTECTED
I patched the EAPI patch to apply cleanly to 1.3.39. This should work
until a version is rolled for 1.3.39.
Cheers,
Doug
diff -PurN mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch
mod_ssl-2.8.28-1.3.39/pkg.eapi/eapi.patch
--- mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch 2007-09-10 13:31:38.0
Some of the patches in eapi.patch do not apply cleanly and are
rejected. This means that, unless you hand apply them, the
patch isn't complete and you core dump when mod_ssl is trying
to hook.
Pascal Nobus wrote:
>
> Does anyone know that a new version of mod_ssl is under constructio
Does anyone know that a new version of mod_ssl is under construction for
use with apache 1.3.39?
I tried to compile Apache-1.3.39 with mod_ssl for 1.3.37 but that kills
apache...
best regards,
Pascal
__
Apache Interface to
.conf. However, the WORKING
installation is linked to these exact same libraries and although
there's a PassEnv command in it's httpd.conf, nothing was added to
envvars.
If it *is* a permissions issue, what does mod_ssl need permission to get
to in order to function properly? I noti
I have a feeling that I'm missing something
elementary here. I have an install of apache 2.0.55 with mod_ssl
enabled on a HP-UX system in /opt/apache2. This one runs fine. I
recompiled another copy of apache (same version) into /opt/apache2a (for
testing purposes) t
All,
I recently ran into a problem with mod_ssl and Internet Explorers version 6 and
7. I have found that in the case where "SSLVerifyClient" is set to anything
other than exactly "none" with Apache 1.3.x and mod_ssl 2.8.x that a client
using Internet Explorer version 6
All,
I recently ran into a problem with mod_ssl and Internet Explorers version 6 and
7. I have found that in the case where "SSLVerifyClient" is set to anything
other than exactly "none" with Apache 1.3.x and mod_ssl 2.8.x that a client
using Internet Explorer version 6
nging :80
> to
> > > :443, still nothing.
> > >
> > > This is really the first time I've ever touched ssl, so I'm
> > hoping
> > > I'm missing something really dumb. I've basically just got the
> > > standard ssl.conf example modified ever so slightly so that
> > things
> > > point i
;m
> hoping
> > I'm missing something really dumb. I've basically just got the
> > standard ssl.conf example modified ever so slightly so that
> things
> > point in the right place.
> >
> > ?
> >
> > Any ideas?
> >
> >
>
______
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EM
___
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
___
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Even more revealing was the passphrase prompt, not required for plain
httpd...
Thanks,
Ron DuFresne
On Tue, 19 Jun 2007, Omar W. Hannet wrote:
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask
QFGeoxqst+vzJSwZikRAimeAJ9TaRtg2S4RYPSGjsho9oI+DIkp9QCfZLgv
L0UtGwP46PoAop7cqTs6G+E=
=N1Ne
-END PGP SIGNATURE-
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@m
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.
In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4
?
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
SSLRandomSeed startup builtin
SSLRandomSeed connect
le_cache authnz_ldap charset_lite dav_lock
disk_cache" --prefix=/opt/apache-2.2.4
Httpd -l gives below
[EMAIL PROTECTED] bin]# httpd -l
Compiled in modules:
core.c
prefork.c
http_core.c
mod_so.c
How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf
:
core.c
prefork.c
http_core.c
mod_so.c
How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf is configured.
Surprisingly there are no error logs even at debug level.
Thank you so very much for the kind help.
-Original Message-
From: [EMAIL
whereas
this is actually a http server.
Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check this.
After I enter a passphrase, it shows
successful but the server never starts up. Can someone please help?
The reason probably can be found in Apache's error_log file.
/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server 10.3.110.109:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
Httpd.conf
# Secure (SSL
http://csrc.nist.gov/cryptval/140-1/1401val2007.htm#733
Best~
-d
[EMAIL PROTECTED] wrote:
Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated
Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated...
Thanks,
David Gerendas, CISSP
McAfee, Inc.
949-297-5600 Main
949-860-3369 Direct
949
my apology for late replies...it works for me.
Thanks Team !!!
On 6/12/07, Omar W. Hannet <[EMAIL PROTECTED]> wrote:
Lalit Kapoor wrote:
> Can you give me some idea if it possible to add mod_ssl in running
> configuration or do i need to recompile and install apache with mod_ss
That sounds like a lot of unnecessary overhead for the Apache boxes.
Check: http://www.apsis.ch/pound/ .. it does precisely what you seek.
Best~
-d
Saikat Saha wrote:
Hi,
We are trying to setup apache 2.2.4 alongwith mod_ssl and mod_jk. Mod_jk
has been successfully configured and
Hi,
We are trying to setup apache 2.2.4 alongwith mod_ssl and mod_jk. Mod_jk
has been successfully configured and working with two instances of
Jboss.
However after installing mod_ssl, does not seem to be
installed/configured properly. Is there some link which describes step
by step setup
Lalit Kapoor wrote:
Can you give me some idea if it possible to add mod_ssl in running
configuration or do i need to recompile and install apache with mod_ssl.
Have you tried 'yum install mod_ssl'?
--
Omar W. Hannet
http://www.all
Hi,
I am using following version of apache, i got it installed using " yum
install httpd ".
Server version: Apache/2.0.52
Server built: Aug 2 2006 05:21:10
There is a requirement of adding mod_ssl module to existing apache
configuration.
Can you give me some idea if it possi
how up fine in my log files, without errors.
These customers can visit other HTTPS sites. My site works fine for
the
vast majority of people. I'm stumped on the next step to try and debug
the problem. Any suggestions?
My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, runni
eisler" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 07, 2007 11:30 PM
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Hi Mark,
Did you try Google <http://www.google.com/search?q=Starfield+cert+ie6>?
I guess, the root certificate causes the trouble.
Sven
se customers can visit other HTTPS sites. My site works fine for the
>>> vast majority of people. I'm stumped on the next step to try and debug
>>> the problem. Any suggestions?
>>>
>>> My server configuration:
>>> Apache 2.0.54 with mo
Hi guys,
Is there a definitive way of finding out the version of OpenSSL used by
httpd, with mod_ssl statically compiled into it.
Thanks!
|-+->
| | [EMAIL PROTECTED]|
| | om|
| | S
y suggestions?
My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
For an example URL, try: https://www.beileysoftware.com/handy.html
Thanks,
Mark
http://www.beiley.com
__
Apache Inte
e. I'm stumped on the next step to try and debug
> the problem. Any suggestions?
>
> My server configuration:
> Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
>
> For an example URL, try: https://www.b
| To: modssl-users@modssl.org<
|
| cc:
|
| Subject: Re: OpenSSL ver
fine in my log files, without errors.
These customers can visit other HTTPS sites. My site works fine for the
vast majority of people. I'm stumped on the next step to try and debug
the problem. Any suggestions?
My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on
here are a few things you could try:
1) Set the following in your environment before you build apache/mod_ssl
SSL_BASE=/usr/local/openssl (wherever the libs are you want to compile against)
export SSL_BASE
2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and mov
Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?
"HEAD / HTTP/1.0" shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:
CustomLog /tmp/ssl.log "%{SSL_VE
To: modssl-users@modssl.org
Subject: RE: mod_ssl performance problems - FreeBSD
The cipher you allow will have a big impact on performance.
Tim Lovelace <[EMAIL PROTECTED]> wrote:
Thanks for the response. Although I expected a pretty decent difference
between HTTP and HTTPS I didnt real
e some good general tuning I should try out?
Thanks
Tim
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: [EMAIL PROTECTED]
Subject: RE: mod_ssl perfo
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: [EMAIL PROTECTED]
Subject: RE: mod_ssl performance problems - FreeBSD
What hardwre are you using for the client and the server? are you running
ab from
:[EMAIL PROTECTED]
On Behalf Of Tim Lovelace
Sent: Sunday, March 25, 2007 7:54 AM
To: modssl-users@modssl.org
Subject: mod_ssl performance problems - FreeBSD
Hello,
I am having some issues with my SSL implementation on a FreeBSD 6.2-RELEASE
system. I am currently running the following software
Hello,
I am having some issues with my SSL implementation on a FreeBSD 6.2-RELEASE
system. I am currently running the following software
Server Version: Apache/1.3.37 (Unix) PHP/5.1.6 with Suhosin-Patch
mod_ssl/2.8.28 OpenSSL/0.9.7e-p1
All built from ports. In testing of the web
Hi there,
I have installed Apache 2.0.59 from the sourcecode with the mod_jk
module, but no I have a problem since I want ( I need) to install the
mod_ssl module but I don't want to recompile or reinstall the whole
Apache. Is it possible to do so? Is there any way of compiling onl
I'm trying to build apache 1.3.37 with ssl support on a Ubuntu 6.1
running on a AMD Turion 64.
I've downloaded the following packages:
Apache 1.3.37 sources (apache_1.3.37.tar.gz from httpd.apache.org)
Mod SSL 2.8.28 (mod_ssl-2.8.28-1.3.37.tar.gz from www.modssl.org)
Open SSL 0.9.8
Hi,
When I use mod_ssl and test it with RoadRunner it dumps core. The details
are given below.
$ openssl version
OpenSSL 0.9.8d 28 Sep 2006
$ httpd -v
Server version: Apache/2.0.58 HP-UX_Apache-based_Web_Server
Server built: Dec 20 2006 13:10:19
$
(gdb) bt
#0 0xc0214508 in kill+0x10 ()
#1
I'm trying to build apache 1.3.37 with ssl support on a Ubuntu 6.1
running on a AMD Turion 64.
I've downloaded the following packages:
Apache 1.3.37 sources (apache_1.3.37.tar.gz from httpd.apache.org)
Mod SSL 2.8.28 (mod_ssl-2.8.28-1.3.37.tar.gz from www.modssl.org)
Open SSL 0.9.8
Good day for all. Ive got newly installed linux box with APACHE
1.3.27PHP/4.4.4 mod_ssl/2.8.28 OpenSSL/0.9.8d
Some times in a day in httpd error_log appears lines
child pid * exit signal Segmentation fault (11)
I decided to get a core dump.
After using gdb utility, i've got the foll
On Fri, Dec 29, 2006 at 08:31:32PM +, Bahadir Balban wrote:
> Does mod_ssl work on Apache 2.x? Why does it say mod_ssl is for 1.3
> everywhere?
Because the version of mod_ssl you find at modssl.org is only for 1.3.
>
> Is there any other ssl solution to apache 2.x?
>
--
Hi,
Does mod_ssl work on Apache 2.x? Why does it say mod_ssl is for 1.3 everywhere?
Is there any other ssl solution to apache 2.x?
Thanks,
Bahadir
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
help.
I have downloaded the latest Apache
version 'httpd-2.2.3'. I am at the point where I need to patch it
with 'mod_ssl" module. Can you guide me how to patch 'httpd-2.2.3'
with the latest version of 'mod_ssl-2.2.828-1.3.37'?
Thanks in advance.
Ki
Cliff:
You are all right. This is my first try to
build a server, so I need further help.
I have downloaded the latest Apache
version ’httpd-2.2.3’. I am at the point where I need to patch it
with ‘mod_ssl” module. Can you guide me how to patch ‘httpd-2.2.3’
with the latest version
nd yours reply
=) I would very have solved it without.
With love,
Louise
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.o
What this person is getting at is that the reason you can't find a mod_ssl patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x. Just enable it when you run configure on the apache build.--Cliff
On 11/7/06, Kong, Yi - HPL <[EMAIL PROTECTED]> wrote:
You add ss
You add ssl arguement when you configure the
apache
From: kbajwa [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 07, 2006 10:22 AMTo:
modssl-users@modssl.orgSubject: Mod_SSL
Hello List:
My first posting! I am
installing Apache-2.2.3 and would like to install mod_ssl. I notice that
Hello List:
My first posting! I am installing Apache-2.2.3 and would like
to install mod_ssl. I notice that current/latest version of mos_ssl is for
Apache-1.x.x version. Is there any way (with a patch) to install the latest
version of mod_ssl on Apache-2.x.x?
Thanks.
Kirt
Apache 2 SSL question which is probably related to mod_ssl:
The Apache 2.2.3 SSL implementation has a pool in the ssl_expr_node
struct (in ssl_expr.h) whereas the latest mod_ssl implementation does
not. I know mod_ssl is only for Apache 3.1.* but the pool in Apache
2.2.3 doesn't seem to be
g
around in the filesystem to find that one. I'm a noobie or I guess I
would have found it quicker. :-)
Patrick
______
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
_
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice bui
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
? =)
Lots of love,
Louise
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
wrote:
Interesting. Must be an Apache 2.2.X thing. The symbol
definitely does not appear in 2.0.55.
Per Olausson wrote:
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing
t
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
SSL_get_shared_ciphers. It is in use. You can see this if you use
something like nm and grep for this function.
So is mod_ssl vulnerable? Is the functionality insulated and not
poss
t;>
> >>I posted a question about this to the apache security mailbox, but
> >>nobody responded. I guess that is inline with the policy for that
> >>mailbox even if I find it somewhat unhelpful, considering that SSL isn't
> >>completely a rarity wh
this to the apache security mailbox, but
nobody responded. I guess that is inline with the policy for that
mailbox even if I find it somewhat unhelpful, considering that SSL isn't
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly
ailbox even if I find it somewhat unhelpful, considering that SSL isn't
> completely a rarity when using Apache.
>
> The reason I am concerned is because mod_ssl indirectly references
> SSL_get_shared_ciphers. It is in use. You can see this if you use
> something like nm and
isn't
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
SSL_get_shared_ciphers. It is in use. You can see this if you use
something like nm and grep for this function.
So is mod_ssl vulnerable? Is the functionality insulated an
> > Erol Yalaz schrieb:
> >> I have a WIN2003 box with the latest Apache on it (2.2.3) and it is
> >> working great. I need to get mod_ssl working.
> Unfortunately, I can't
> >>
> >> Any suggestions? Shouldn't there be some pre-compiled
http://hunter.campbus.com/ - and yes Chris is trustworthy. Blame Canada :)
Bill
Eckard Wille wrote:
> Erol Yalaz schrieb:
>> I have a WIN2003 box with the latest Apache on it (2.2.3) and it is
>> working great. I need to get mod_ssl working. Unfortunately, I can’t
>&g
Stanley Laufer wrote:
> Does anyone know if Mod_SSL uses the SSL_get_shared_ciphers()
> function from OpenSSL?
>
> As you may know a buffer overflow has been detected in that
> function in OpenSSL versions prior to 0.9.8d.
>
> I'm trying to find out if Mod_SSL uses t
1 - 100 of 3042 matches
Mail list logo