-users@modssl.org
Subject: Re: Specifying the openssl version used with mod_ssl
Hello Gunner,
Have you tried
--enable-ssl --with-ssl=/path/to/just/compiled/openssl ?
Regards,
Gregg
Gunner Geller wrote:
Hello,
We are using mac Leopard OS. We have rolled our own Apache(2.2.16)
separate
version. However when we compile Apache and enable mod_ssl it
still uses the old OpenSSL version. We can see it in our http headers:
Apache/2.2.16 (Unix) mod_ssl/2.2.16 OpenSSL/0.9.7l
When typing openssl version from my account and the root account I get:
OpenSSL 1.0.0a 1 Jun 2010
I've seen
)
SSL Library Error: 336027900 error:140760FC:SSL
routines:SSL23_GET_CLIENT_HELLO:unknown protocol speaking not SSL to
HTTPS port!?
[client ::1] Connection closed to child 9 with abortive shutdown
(server localhost:443)
I am using mod_ssl/2.2.11 compiled against Server: Apache/2.2.11
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
Hello,
I would like to do the following (Apache 2.2 config):
Directory /var/www/desert/storage/jctmirrorserver/dav/Service42
AuthUserFile /dev/null
#SSLOptions +ExportCertData +FakeBasicAuth
SSLOptions +FakeBasicAuth
#SSLRequire (%{SSL_CLIENT_S_DN_O} in {ClientO1, ClientO2})
AuthLDAPURL
I need to implement a FIPS 140 compliant version of mod_ssl. Is there a
patch file or a distribution of mod_ssl
currently available for download which can be used in conjunction with
the fips compliant libopenssl?
I found a link to a patch file for modssl in a message sent earlier in
2008
Hi, experts:
Here are the environment configuration:
Web server: Apache/2.0.46 (Unix) mod_jk/1.2.4
Server: -HP-UX
Tomcat: 4.0
I have a apache already installed (by other team, which doesnt know if there´s
the module mod_ssl). The final purpose is to secure my current http to https
All,
I´m told that having the directives in httpd.conf
IfModule ssl_module
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
/IfModule
means that my apache is configured with mod_ssl (thanks to the guy that told me
so!)
Now the question risen up is how do I do to have my https
Dave and All:
Ok, now I know I can try the directives in my apache.
Althought by the directives SSLRandomSeed it´s indicating I have the mod_ssl
installed, I checked and the files mod_ssl.so and mod_ssl.c are not in the
paths indicated, not in libexec/, nor in module/.
How do I get those files
Subject: RE: Need to add/enable/install mod_ssl
Dave and All:
Ok, now I know I can try the directives in my apache.
Althought by the directives SSLRandomSeed it´s indicating I have the mod_ssl
installed, I checked and the files mod_ssl.so and mod_ssl.c are not in the
paths indicated
Hello,
Can MOD_SSL be configured to only use the FIPS 140-2 complaint openssl ???
Ed
Be a better friend, newshound, and
know-it-all with Yahoo! Mobile. Try it now.
http://mobile.yahoo.com/;_ylt
I have a Solaris box with Apache 2.2.3 and mod_ssl 2.2.3. Our security
consultant ran a vulnerability software and the report recommended to upgrade
to mod_ssl 2.8.24 or higher. Is this possible ? as i only see
releases for Apache 1.3.x What are your recommendations?
thanks
you are running the
newer apache tree.
Thanks,
Ron DuFresne
On Tue, 1 Apr 2008, Sir June wrote:
I have a Solaris box with Apache 2.2.3 and mod_ssl 2.2.3. Our security
consultant ran a vulnerability software and the report recommended to upgrade
to mod_ssl 2.8.24 or higher
I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as
well. My concern is about the two vulnerabilities
(http://www.securityfocus.com/bid/10736/info,
http://www.securityfocus.com/bid/4189/info). I do not have any information
whether or not these two vulnerabilities
I have downloaded the sources of latest apache 2.2.8 that includes mod_ssl as
well. My concern is about the two vulnerabilities
(htp://www.securityfocus.com/bid/10736/info,
htp://www.securityfocus.com/bid/4189/info). I do not have any information
whether or not these two vulnerabilities
I've found a solution to this problem. You have to use the version of
OpenSSL installed on your machine. In my case, it's 0.9.7l (the latest
version Apple is supporting). When I tried configuring mod_ssl with
SSL_BASE=SYSTEM, it failed saying it couldn't find the OpenSSL libraries.
So I
Hi,
I am trying to run Apache 1.3.39 with mod_ssl 2.8.30, openssl 0.9.8g and
mm 1.4.2. I am able to successfully compile it, but when I start Apache
in SSL mode, it exits immediately. Looking in the error log, I see the
following message:
dyld: lazy symbol binding failed: Symbol not found
?
Never miss a thing. Make Yahoo your home page.
http://www.yahoo.com/r/hs
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
them fast with Yahoo! Search.
http://tools.search.yahoo.com/newsearch/category.php?category=shopping
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl
As of Apache 2.x mod_ssl is included in the distribution. All you
should have to do is enable the module in the configuration file.
Rich
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support
Hi folks,
I'm a complete newbie to compiling apache, and I'm trying to install my
first SSL certificate. All instructions I can find so far all assume that I
have mod_ssl installed already.
I'm willing to install it, but all of the references I can find to the
latest and greatest version
On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote:
Hi folks,
I'm a complete newbie to compiling apache, and I'm trying to install my
first SSL certificate. All instructions I can find so far all assume that I
have mod_ssl installed already.
I'm willing to install it, but all
-0600, Chris Jordan wrote:
Hi folks,
I'm a complete newbie to compiling apache, and I'm trying to install my
first SSL certificate. All instructions I can find so far all assume
that I
have mod_ssl installed already.
I'm willing to install it, but all of the references I can find
Hello. I'm having trouble compiling Apache with mod_ssl, on an MacBook
Pro running Mac OS 10.5.1. I'm trying to build the following programs
(rather than using the ones that come with the OS):
openssl-0.9.8g
mm-1.4.1
mod_ssl-2.8.30-1.3.39
apache_1.3.39
tell me
what I'm doing wrong below?
-Thanks
tar zxvf apache_1.3.33.tar.gz
tar zxvf mod_ssl-2.8.24-1.3.33.tar.gz
tar zxvf openssl-0.9.6b.tar.gz
tar zxvf mod_perl-1.0-current.tar.gz
cd openssl-0.9.8b
./config
make
cd ..
cd mod_ssl-2.8.24-1.3.33
./configure \
--with-apache=../apache_1.3.33
On Mon, Sep 10, 2007, Ralf S. Engelschall wrote:
Apache 1.3.39 was released recently.
An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too.
Find it on: http://www.modssl.org/
Unfortunately, there was a bug in the auto-generated patch caused by a
changed amount of patch hunks
Does anyone know that a new version of mod_ssl is under construction for
use with apache 1.3.39?
I tried to compile Apache-1.3.39 with mod_ssl for 1.3.37 but that kills
apache...
best regards,
Pascal
__
Apache Interface
Some of the patches in eapi.patch do not apply cleanly and are
rejected. This means that, unless you hand apply them, the
patch isn't complete and you core dump when mod_ssl is trying
to hook.
Pascal Nobus wrote:
Does anyone know that a new version of mod_ssl is under construction for
use
I patched the EAPI patch to apply cleanly to 1.3.39. This should work
until a version is rolled for 1.3.39.
Cheers,
Doug
diff -PurN mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch
mod_ssl-2.8.28-1.3.39/pkg.eapi/eapi.patch
--- mod_ssl-2.8.28-1.3.37/pkg.eapi/eapi.patch 2007-09-10 13:31:38.0
Apache 1.3.39 was released recently.
An updated mod_ssl 2.8.29 for Apache 1.3.39 is now available, too.
Find it on: http://www.modssl.org/
Ralf S. Engelschall
[EMAIL PROTECTED
I have a feeling that I'm missing something
elementary here. I have an install of apache 2.0.55 with mod_ssl
enabled on a HP-UX system in /opt/apache2. This one runs fine. I
recompiled another copy of apache (same version) into /opt/apache2a (for
testing purposes) to add
installation is linked to these exact same libraries and although
there's a PassEnv command in it's httpd.conf, nothing was added to
envvars.
If it *is* a permissions issue, what does mod_ssl need permission to get
to in order to function properly? I notice that the ssl_scache.dir
All,
I recently ran into a problem with mod_ssl and Internet Explorers version 6 and
7. I have found that in the case where SSLVerifyClient is set to anything
other than exactly none with Apache 1.3.x and mod_ssl 2.8.x that a client
using Internet Explorer version 6 or 7 cannot connect
All,
I recently ran into a problem with mod_ssl and Internet Explorers version 6 and
7. I have found that in the case where SSLVerifyClient is set to anything
other than exactly none with Apache 1.3.x and mod_ssl 2.8.x that a client
using Internet Explorer version 6 or 7 cannot connect
email. Don't settle for
less, sign up for
your free account today
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
__
Apache Interface to OpenSSL (mod_ssl)
www.modssl.org
___
Yahoo! Mail is the world's favourite email. Don't settle for less, sign up for
your free account today
http://uk.rd.yahoo.com/evt=44106/*http://uk.docs.yahoo.com/mail/winter07.html
__
Apache Interface to OpenSSL (mod_ssl
Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
--
Omar W. Hannet
http://www.allez-oop.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Even more revealing was the passphrase prompt, not required for plain
httpd...
Thanks,
Ron DuFresne
On Tue, 19 Jun 2007, Omar W. Hannet wrote:
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask
Are you quite certain that the LoadModule for mod_ssl has been
commented out? The reason I ask: the output from 'apachectl start'
which you provided below shows 'mod_ssl/2.2.4'.
In the log file /opt/apache-2.2.4/logs/error_log, on lines that contain
'Apache/2.2.4' and 'configured -- resuming
Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated...
Thanks,
David Gerendas, CISSP
McAfee, Inc.
949-297-5600 Main
949-860-3369 Direct
949
http://csrc.nist.gov/cryptval/140-1/1401val2007.htm#733
Best~
-d
[EMAIL PROTECTED] wrote:
Does anyone know if the Apache v2.2.x implementation of OpenSSL mod_ssl
is FIPS 140-2 validated? What version of OpenSSL is distributed with the
current version of Apache? Any help is much appreciated
/2.2.4 mod_ssl/2.2.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server 10.3.110.109:443 (RSA)
Enter pass phrase:
OK: Pass Phrase Dialog successful.
Httpd.conf
# Secure (SSL
whereas
this is actually a http server.
Perhaps mod_ssl is a compiled-in module. Run 'httpd -l' to check this.
After I enter a passphrase, it shows
successful but the server never starts up. Can someone please help?
The reason probably can be found in Apache's error_log file.
Also can apache
prefork.c
http_core.c
mod_so.c
How do I compile so that it does not load mod_ssl automatically and
loads only if httpd.conf is configured.
Surprisingly there are no error logs even at debug level.
Thank you so very much for the kind help.
-Original Message-
From: [EMAIL PROTECTED]
[mailto
my apology for late replies...it works for me.
Thanks Team !!!
On 6/12/07, Omar W. Hannet [EMAIL PROTECTED] wrote:
Lalit Kapoor wrote:
Can you give me some idea if it possible to add mod_ssl in running
configuration or do i need to recompile and install apache with mod_ssl.
Have you tried
Hi,
I am using following version of apache, i got it installed using yum
install httpd .
Server version: Apache/2.0.52
Server built: Aug 2 2006 05:21:10
There is a requirement of adding mod_ssl module to existing apache
configuration.
Can you give me some idea if it possible to add
Lalit Kapoor wrote:
Can you give me some idea if it possible to add mod_ssl in running
configuration or do i need to recompile and install apache with mod_ssl.
Have you tried 'yum install mod_ssl'?
--
Omar W. Hannet
http://www.allez-oop.net
Hi,
We are trying to setup apache 2.2.4 alongwith mod_ssl and mod_jk. Mod_jk
has been successfully configured and working with two instances of
Jboss.
However after installing mod_ssl, does not seem to be
installed/configured properly. Is there some link which describes step
by step setup
in my log files, without errors.
These customers can visit other HTTPS sites. My site works fine for
the
vast majority of people. I'm stumped on the next step to try and debug
the problem. Any suggestions?
My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
can visit other HTTPS sites. My site works fine for the
vast majority of people. I'm stumped on the next step to try and debug
the problem. Any suggestions?
My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
For an example URL, try: https
PROTECTED]
To: modssl-users@modssl.org
Sent: Thursday, June 07, 2007 11:30 PM
Subject: Re: Apache 2.0 + mod_ssl problems with IE6 on XP (no SP2)
Hi Mark,
Did you try Google http://www.google.com/search?q=Starfield+cert+ie6?
I guess, the root certificate causes the trouble.
Sven.
Mark Beiley
log files, without errors.
These customers can visit other HTTPS sites. My site works fine for the
vast majority of people. I'm stumped on the next step to try and debug
the problem. Any suggestions?
My server configuration:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
|
| cc:
|
| Subject: Re: OpenSSL verion from mod_ssl statically compiled
:
Apache 2.0.54 with mod_ssl and mod_deflate, running on Windows XP
For an example URL, try: https://www.beileysoftware.com/handy.html
Thanks,
Mark
http://www.beiley.com
__
Apache Interface to OpenSSL (mod_ssl
Hi guys,
Is there a definitive way of finding out the version of OpenSSL used by
httpd, with mod_ssl statically compiled into it.
Thanks!
|-+-
| | [EMAIL PROTECTED]|
| | om|
| | Sent
are a few things you could try:
1) Set the following in your environment before you build apache/mod_ssl
SSL_BASE=/usr/local/openssl (wherever the libs are you want to compile against)
export SSL_BASE
2) Find the libs ( find /usr/* -type f -name '*ssl*' ), tar them up and move
them into another
Question: How do I find out the version of openssl used by my httpd that
has mod_ssl statically compiled into it?
HEAD / HTTP/1.0 shows no mod_ssl info, and the only way in which I can
get anything is to use the following in the Apache conf:
CustomLog /tmp/ssl.log %{SSL_VERSION_LIBRARY}x
good general tuning I should try out?
Thanks
Tim
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: [EMAIL PROTECTED]
Subject: RE: mod_ssl performance
To: modssl-users@modssl.org
Subject: RE: mod_ssl performance problems - FreeBSD
The cipher you allow will have a big impact on performance.
Tim Lovelace [EMAIL PROTECTED] wrote:
Thanks for the response. Although I expected a pretty decent difference
between HTTP and HTTPS I didnt realize
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of [EMAIL PROTECTED]
Sent: Sunday, March 25, 2007 11:14 AM
To: modssl-users@modssl.org
Cc: [EMAIL PROTECTED]
Subject: RE: mod_ssl performance problems - FreeBSD
What hardwre are you using for the client and the server? are you running
ab from
Hi there,
I have installed Apache 2.0.59 from the sourcecode with the mod_jk
module, but no I have a problem since I want ( I need) to install the
mod_ssl module but I don't want to recompile or reinstall the whole
Apache. Is it possible to do so? Is there any way of compiling only
Hi,
When I use mod_ssl and test it with RoadRunner it dumps core. The details
are given below.
$ openssl version
OpenSSL 0.9.8d 28 Sep 2006
$ httpd -v
Server version: Apache/2.0.58 HP-UX_Apache-based_Web_Server
Server built: Dec 20 2006 13:10:19
$
(gdb) bt
#0 0xc0214508 in kill+0x10 ()
#1
I'm trying to build apache 1.3.37 with ssl support on a Ubuntu 6.1
running on a AMD Turion 64.
I've downloaded the following packages:
Apache 1.3.37 sources (apache_1.3.37.tar.gz from httpd.apache.org)
Mod SSL 2.8.28 (mod_ssl-2.8.28-1.3.37.tar.gz from www.modssl.org)
Open SSL 0.9.8e (openssl
Good day for all. Ive got newly installed linux box with APACHE
1.3.27PHP/4.4.4 mod_ssl/2.8.28 OpenSSL/0.9.8d
Some times in a day in httpd error_log appears lines
child pid * exit signal Segmentation fault (11)
I decided to get a core dump.
After using gdb utility, i've got the following
Hi,
Does mod_ssl work on Apache 2.x? Why does it say mod_ssl is for 1.3 everywhere?
Is there any other ssl solution to apache 2.x?
Thanks,
Bahadir
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User
On Fri, Dec 29, 2006 at 08:31:32PM +, Bahadir Balban wrote:
Does mod_ssl work on Apache 2.x? Why does it say mod_ssl is for 1.3
everywhere?
Because the version of mod_ssl you find at modssl.org is only for 1.3.
Is there any other ssl solution to apache 2.x?
--enable-ssl when
Cliff:
You are all right. This is my first try to
build a server, so I need further help.
I have downloaded the latest Apache
version httpd-2.2.3. I am at the point where I need to patch it
with mod_ssl module. Can you guide me how to patch httpd-2.2.3
with the latest version
downloaded the latest Apache
version 'httpd-2.2.3'. I am at the point where I need to patch it
with 'mod_ssl" module. Can you guide me how to patch 'httpd-2.2.3'
with the latest version of 'mod_ssl-2.2.828-1.3.37'?
Thanks in advance.
Kirt
-Original Message-
From:
[EMAIL PROTECTED] [m
Apache 2 SSL question which is probably related to mod_ssl:
The Apache 2.2.3 SSL implementation has a pool in the ssl_expr_node
struct (in ssl_expr.h) whereas the latest mod_ssl implementation does
not. I know mod_ssl is only for Apache 3.1.* but the pool in Apache
2.2.3 doesn't seem to be used
Hello List:
My first posting! I am installing Apache-2.2.3 and would like
to install mod_ssl. I notice that current/latest version of mos_ssl is for
Apache-1.x.x version. Is there any way (with a patch) to install the latest
version of mod_ssl on Apache-2.x.x?
Thanks.
Kirt
You add ssl arguement when you configure the
apache
From: kbajwa [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 07, 2006 10:22 AMTo:
modssl-users@modssl.orgSubject: Mod_SSL
Hello List:
My first posting! I am
installing Apache-2.2.3 and would like to install mod_ssl. I notice
What this person is getting at is that the reason you can't find a mod_ssl patch for Apache 2.x is that mod_ssl comes pre-bundled with Apache 2.x. Just enable it when you run configure on the apache build.--Cliff
On 11/7/06, Kong, Yi - HPL [EMAIL PROTECTED] wrote:
You add ssl arguement
have solved it without.
With love,
Louise
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager
Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
guess I
would have found it quicker. :-)
Patrick
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager
with this? =)
Lots of love,
Louise
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
AddType application/x-pkcs7-crl.crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
VirtualHost
a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
SSL_get_shared_ciphers. It is in use. You can see this if you use
something like nm and grep for this function.
So is mod_ssl vulnerable? Is the functionality insulated and not
possible to trigger
:
Interesting. Must be an Apache 2.2.X thing. The symbol
definitely does not appear in 2.0.55.
Per Olausson wrote:
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
this to the apache security mailbox, but
nobody responded. I guess that is inline with the policy for that
mailbox even if I find it somewhat unhelpful, considering that SSL isn't
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
, considering that SSL isn't
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
SSL_get_shared_ciphers. It is in use. You can see this if you use
something like nm and grep for this function.
So is mod_ssl vulnerable
isn't
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
SSL_get_shared_ciphers. It is in use. You can see this if you use
something like nm and grep for this function.
So is mod_ssl vulnerable? Is the functionality insulated
, considering that SSL isn't
completely a rarity when using Apache.
The reason I am concerned is because mod_ssl indirectly references
SSL_get_shared_ciphers. It is in use. You can see this if you use
something like nm and grep for this function.
So is mod_ssl vulnerable
Does anyone know if Mod_SSL uses the SSL_get_shared_ciphers()
function from OpenSSL?
As you may know a buffer overflow has been detected in that
function in OpenSSL versions prior to 0.9.8d.
I'm trying to find out if Mod_SSL uses the vulnerable function.
Thanks in advance.
Stanley E. Laufer
Stanley Laufer wrote:
Does anyone know if Mod_SSL uses the SSL_get_shared_ciphers()
function from OpenSSL?
As you may know a buffer overflow has been detected in that
function in OpenSSL versions prior to 0.9.8d.
I'm trying to find out if Mod_SSL uses the vulnerable function.
I just
http://hunter.campbus.com/ - and yes Chris is trustworthy. Blame Canada :)
Bill
Eckard Wille wrote:
Erol Yalaz schrieb:
I have a WIN2003 box with the latest Apache on it (2.2.3) and it is
working great. I need to get mod_ssl working. Unfortunately, I can’t
Any suggestions? Shouldn’t
hosts configuration files should be in
/etc/httpd/conf.d . The problem is that most of our virtual hosts use
mod_ssl, and that ssl.conf is itself not loaded first. As such, every
virtual host whose name is alphabetically before ssl.conf cannot use
ssl, as the Listen 443 directive is in ssl.conf
Hi,
This is regarding using Apache server with mod_ssl and mod_gsoap
modules. I am confused as to who would handle the certificate
verification in such a case where the directive 'SSLVerifyClient' is set
to 2. I understand gSoap has it' own authentication layer for users and
might actually
We are trying to implement: Windows XP, Apache 2.2.3, mod_ssl and running
into problems.
Question:
Is it possible to do this under Windows without compiling Apache from
source?
We were able to get it to work using Apache 2.0.59 after some wrangling with
OpenSSL and cert creation.
(Had to create
Apache 1.3.37 was released because of security issues.
Find a corresponding mod_ssl 2.8.28-1.3.37 at modssl.org now, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
Hi All,
Thanks.
This is regarding mod_ssl 2.8.16 security vulnerabilities.
We use mod_ssl-2.8.16 . Nessus tool reported few security vulnerability.
1) CVE : CVE-2004-0488 BID : 10355 Other references : OSVDB:6472
2) CVE : CVE-2004-0700 BID : 10736
3) CVE : CVE-2004-0488 BID : 10355
I am required to have our apache server using PKI client authentication
by the end of July.
I have set up a test server with the latest and greatest
Apache/2.2.2 (Unix)
mod_ssl/2.2.2
OpenSSL/0.9.7
I have set up a ssl.conf using
SSLVerifyClient require
SSLVerifyDepth 10
and populated a CA
Hello all
In my environment a reverse proxy using apache (and mod_ssl) secures
the frontend server.
The problem arises when using OWA and checking names in the mail being
sent. IE uses XMLHTTP to make asynchronious lookups of the username to
the backend resulting in a POST through the SSL
Today Apache 1.3.36 was released.
An updated mod_ssl 2.8.27 for Apache 1.3.36 is now available, too.
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
all
the mirrors have caught up.
The announce of 1.3.36 is here;
http://www.apache.org/dist/httpd/Announcement1.3.txt
Many thanks to Ralf for providing mod_ssl's corresponding patch so quickly.
Ralf S. Engelschall wrote:
Today Apache 1.3.36 was released.
An updated mod_ssl 2.8.27 for Apache
mod_ssl 2.8.26 for Apache 1.3.35 is now available:
o http://www.modssl.org/source/
o ftp://ftp.modssl.org/source/
Yours,
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
tion to go through for 3 months, so feel free to verify that they are still appropriate. [...]I had to add some "#if SSL_LIBRARY_VERSION 0x00904000...#else..#endif" to the patches to let it still work on older OpenSSLversions, but after this I've added to mod_ssl for release with v
to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager[EMAIL PROTECTED]
Perhaps
SSLVerifyClient require
Default is
SSLVerifyClient none
Greetings
Oliver
-Ursprüngliche Nachricht-
Von: [EMAIL PROTECTED] im Auftrag von Olaf Gellert
Gesendet: Mi 05.04.2006 14:08
An: modssl-users@modssl.org
Betreff: mod_ssl: SSLRequire
I try to do X.509 client
1 - 100 of 2407 matches
Mail list logo