Re: mod_ssl: SSLRequire

2006-04-05 Thread Olaf Gellert
://www.ecsirt.net/sensornet __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL

RE: mod_ssl: SSLRequire

2006-04-05 Thread Oliver.Schaudt

Re: mod_ssl: SSLRequire

2006-04-05 Thread Olaf Gellert
] A daily view on Internet Attacks https://www.ecsirt.net/sensornet

toggling signing and encryption using Mod_SSL + certificates

2006-02-16 Thread Arjun Khanna
Hi: I am working on securing a webservice front-ended by the Apache webserver.It is possible that in this application the requirements will be : (1) Clients be authenticated using a password they enter using a form that is secured using https. For this I am planning to download mod_ssl

Apache with Mod_SSL installation problems

2006-02-13 Thread dpgirago
Hope this is the right place to ask this question. Please direct to another list if I'm off-topic here. I'm trying to install Apache 1.3.31 with Mod_SSL on a Windows Server 2003 box, ultimately for Apache-MySQL-PHP applications. I have all set up ok on my desk top and thought it would be a simple

Cleanup of mod_ssl compiler warnings

2006-02-10 Thread William A. Rowe, Jr.

Some changes in mod_ssl API

2006-01-21 Thread Andrei V. Shetuhin
-- if we use, for example, Subversion VCS and make user authentication via certificate we take strange committer's username. I suggest to make some changes in mod_ssl module to allow set username as a part of Subject of the Client's X509 Certificate. For example, if SSLUserName is set

[ANNOUNCE] mod_ssl 2.8.25-1.3.34 for Apache 1.3.34

2005-10-18 Thread Ralf S. Engelschall
Apache 1.3.34 was released, so I've upgraded mod_ssl to apply cleanly to this Apache version. No other changes. Fetch mod_ssl 2.8.25-1.3.34 from the usual locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall

Re: Mod_ssl and how to reduce overhead (Thanks!)

2005-09-27 Thread Pigeon
Thanks for all the great info! It definitely gives me a nice footing from which I can start.

Mod_ssl and how to reduce overhead

2005-09-26 Thread Pigeon
key caching, anyone know how much this will improve things? Any good resources I can read? thanks! Lee

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Martin Strandbygaard
how much this will improve things? Any good resources I can read? thanks! Lee

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Dave paris
at clustering? Also.. I have heard about ssl session key caching, anyone know how much this will improve things? Any good resources I can read? thanks! Lee

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Cliff Woolley
speaking -- it's been a long time since I benchmarked it). --Cliff

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Pigeon
[EMAIL PROTECTED] To: modssl-users@modssl.org Sent: Monday, September 26, 2005 8:42 AM Subject: Re: Mod_ssl and how to reduce overhead Hi, A few words about intended usage would be of great help. - How many concurrent users - Type of transactions - You really think the http front is going to be you

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Mads Toftum
Toftum -- `Darn it, who spiked my coffee with water?!' - lwall

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Pigeon

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Aaron Turner
heard about ssl session key caching, anyone know how much this will improve things? Any good resources I can read? thanks! Lee

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Phil Ehrens
raped by the penguin. Oops, I hope this isn't a family list.

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Jeffrey Burgoyne
at clustering? Also.. I have heard about ssl session key caching, anyone know how much this will improve things? Any good resources I can read? thanks! Lee

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Mads Toftum
keep even without SSL. Doesn't your pr0n streaming business generate enough income to pay for a real server? ;) vh Mads Toftum -- `Darn it, who spiked my coffee with water?!' - lwall

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Pigeon
, 2005 1:27 PM Subject: Re: Mod_ssl and how to reduce overhead On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote: Hmm.. 10k -100k are pretty much guaranteed numbers.. That's quite a wide margin. Are we talking concurrent users or just number of people who could be using it over a period

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread dparis
with the 1000mbit connection? thank you for all of your time and input! thanks Lee - Original Message - From: Mads Toftum [EMAIL PROTECTED] To: modssl-users@modssl.org Sent: Monday, September 26, 2005 1:27 PM Subject: Re: Mod_ssl and how to reduce overhead On Mon, Sep 26, 2005

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Jeffrey Burgoyne
Subject: Re: Mod_ssl and how to reduce overhead On Mon, Sep 26, 2005 at 11:28:11AM -0400, Pigeon wrote: Hmm.. 10k -100k are pretty much guaranteed numbers.. That's quite a wide margin. Are we talking concurrent users or just number of people who could be using it over a period of xx

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Phil Ehrens
asking apache to stick its finger in the dike. Good luck.

Re: Mod_ssl and how to reduce overhead

2005-09-26 Thread Cliff Woolley

[ANNOUNCE] mod_ssl 2.8.24-1.3.33

2005-09-02 Thread Ralf S. Engelschall
A subtle security bug (CAN-2005-2700) was discovered in mod_ssl where SSLVerifyClient require was not enforced in per-location context if SSLVerifyClient optional was configured in the global virtual host configuration. This bug is now fixed in mod_ssl 2.8.24 for Apache 1.3.33. Get it from

RE: Problem starting mod_ssl and apache

2005-07-08 Thread Drew J. Como
, 2005 9:10 PM To: modssl-users@modssl.org Subject: Problem starting mod_ssl and apache All, I am having an interesting problem where I am getting the following error message when I start Apache: Cannot load /usr/lib/apache/mod_sxnet.so into server: shared object not open I have built the following

Problem starting mod_ssl and apache

2005-07-07 Thread Drew J. Como
, mod_ssl-2.8.23, openssl-0.9.8) Anyone have an idea as to what is wrong? (Or what I built wrong??) Thanks :-) Drew

[ANNOUNCE] mod_ssl 2.8.23 for Apache 1.3.33 and OpenSSL 0.9.8

2005-07-06 Thread Ralf S. Engelschall
As OpenSSL 0.9.8 was released today, I've released another maintenance version mod_ssl 2.8.23 for use with Apache 1.3.33 and OpenSSL 0.9.8. Included are also a few other changes (see below for details). Get mod_ssl 2.8.23 from: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source

Dumping SSL Certificates form mod_ssl in apache

2005-07-04 Thread Pj
Hi all, I am writing a module for apache that needs to dump client certificate information from mod_ssl which ultimately uses OpenSSL... Does anyone have any idea how to apply this hook? Thanks.. Pj.

Minor bug in apachectl script (apache+mod_ssl distrib)

2005-06-10 Thread Michael Kichanov
Hi! I have found a small bug in 'apachectl' script (apache_1.3.33+mod_ssl-2.8.22). 'configtest' option of this script does not work inside IfDefine SSL clause. The simple workaround is to add next block of code into script: configtestssl) if $HTTPD -t -DSSL

mod_ssl with mod_auth

2005-06-04 Thread Christoph Schindler
in error.log: [Fri Jun 3 14:47:46 2005] [error] mod_ssl: SSL handshake failed: HTTP spoken on HTTPS port; trying to send HTML error page... What Apache actually sends though, is a 401 Authorization Required, so you also get the authentication dialog in the web browser. If you now fill in your

RE: mod_ssl

2005-02-01 Thread Mike Fratto
What version of Apache and mod_ssl are you using? Are you trying to compile it in static or are you using DSO? Need more details. If you're unclear about the above, read this for a quick overview (if you haven't already) http://www.modssl.org/docs/2.8/ssl_overview.html

Re: mod_ssl

2005-02-01 Thread R. DuFresne
become inappropriate. My love for you has no strings attached. I love you for free... -Tom Robins Still Life With Woodpecker

Is mod_ssl installed

2005-01-31 Thread Plantier, Spencer
I can't get ssl to work. I did a search on my httpd.conf and it has (IfModule mod_ssl.c) Include conf/ssl.conf (/IfModule) And when I do a httpd l I get: Compiled in modules: core.c mod_access.c mod_auth.c mod_include.c mod_log_config.c

AW: Apache 2 with mod_ssl for windows

2005-01-27 Thread R. Markham
2005 18:51 An: modssl-users@modssl.org Betreff: Apache 2 with mod_ssl for windows I've previously built Apache 1.3 for Windows with ssl support using mod_ssl so I'm familiar with this process. It looks like I need to do it for Apache 2 as well because I didn't see the mod_ssl module

RE: Apache 2 with mod_ssl for windows

2005-01-27 Thread Lange, Bill Charles
Thanks for the info. I was able to get a clean build from the apache and openssl source distributions last night. The apache site contains the following page which describes pretty well how to build the openssl, and apache with mod_ssl directly from the source if you have the microsoft

RE: Apache 2 with mod_ssl for windows

2005-01-27 Thread Richard Markham
for the info. I was able to get a clean build from the apache and openssl source distributions last night. The apache site contains the following page which describes pretty well how to build the openssl, and apache with mod_ssl directly from the source if you have the microsoft developer

mod_ssl for Apache 2

2005-01-26 Thread ColinB
I'm slightly confused. The www.modssl.org site says that it is for Apache 1 and makes no mention (that I could find) of Apache 2. Yet there is a mod_ssl module mentioned on the Apache 2 web pages http://httpd.apache.org/docs-2.0/mod/mod_ssl.html credited to the same author. What

Re: mod_ssl for Apache 2

2005-01-26 Thread Mads Toftum
On Wed, Jan 26, 2005 at 02:15:37AM -0800, ColinB wrote: What is the relationship between mod_ssl for Apache 1 and Apache 2 ? The mod_ssl in apache2 is based on the mod_ssl for Apache 1.3, but the two versions are not the same module. Why doesn't www.modssl.org say that it is for both Apache 1

Re: mod_ssl for Apache 2

2005-01-26 Thread Tony Andrews
I think I know the answer to this but what the heck... I run apachectl -l and get... core.c worker.c http_core.c mod_so.c No mod_ssl . This is Apache 2.0.39. Is there a way to get mod_ssl installed on this server outside of re-installing Apache? Thanks, Tony Andrews - Original Message

Apache 2 with mod_ssl for windows

2005-01-26 Thread Lange, Bill Charles
I've previously built Apache 1.3 for Windows with ssl support using mod_ssl so I'm familiar with this process. It looks like I need to do it for Apache 2 as well because I didn't see the mod_ssl module in the windows pre-packaged install and the no ssl at the end of the installer filename

Re: mod_ssl, block-on-read problem?

2005-01-25 Thread Anders Ringaby
not shut down the connection, that is, the client or peer has not performed a shutdown(), close() or exit(). Of course, you could argue that mod_ssl should have implemented a timeout for conditions like that. Maybe there is some kind of protocol problem here, in that mod_ssl is still expecting data

mod_ssl, block-on-read problem?

2005-01-24 Thread Bob Tanner
several days of data, the client IPs seem to be cache servers. Anyone know of a reason why the socket can't/won't close? That's all the info I can think of reporting. Anyone seen this problem before? Since the problem doesn't happen with http, I -assume- this is a mod_ssl problem, but if not, I'll try

Re: mod_ssl, block-on-read problem?

2005-01-24 Thread Bob Tanner
-8700 http://www.mn-linux.org, Minnesota, Linux | Fax : (952)943-8500 Key fingerprint = AB15 0BDF BCDE 4369 5B42 1973 7CF1 A709 2CC1 B288

Re: mod_ssl environment variables

2005-01-17 Thread Matt Stevenson
. Regards Matt --- Jason Kaskel [EMAIL PROTECTED] wrote: This is technically both a mod_perl and mod_ssl question. Maybe I should harass their mailing list too. I have a PerlAccessHandler that needs to access certificate information. According to what I've read the environment isn't loaded

Re: mod_ssl environment variables

2005-01-17 Thread Joe Orton
On Fri, Jan 14, 2005 at 04:48:09PM -0500, Jason Kaskel wrote: This is technically both a mod_perl and mod_ssl question. Maybe I should harass their mailing list too. I have a PerlAccessHandler that needs to access certificate information. According to what I've read the environment isn't

mod_ssl environment variables

2005-01-14 Thread Jason Kaskel
This is technically both a mod_perl and mod_ssl question. Maybe I should harass their mailing list too. I have a PerlAccessHandler that needs to access certificate information. According to what I've read the environment isn't loaded with this information until the fixup phase which occurs

Re: Apache and MOD_SSL

2004-12-28 Thread Mads Toftum

problems with IE and mod_ssl

2004-12-28 Thread Craig Reeson
guys, I have mod_ssl working on my site. It works fine with Mozilla/Firefox (regardless of OS), but it refuses to work with IE. I have googled all the necessary things to get it working with IE but nothing seems to work. Logs: tail -20 /var/log/apache/ssl_engine_log | 3220: 63 67 69 3f 30 3e 06

Apache and MOD_SSL

2004-12-27 Thread leandro asnaghi-nicastro
network. Despite generating the keys (password free) and signing them, configuring to what I believed to be correct (obviously not) conf files for mod_ssl and httpd, I get the following error: $ openssl s_client -connect def.con.ca:443 CONNECTED(0003) 24271:error:140770FC:SSL

Re: mod_ssl and MacOS browsers...

2004-11-15 Thread Philip Larkin Waters
. Practice is when something works, but you don't know why. Programmers combine theory and practice: Nothing works and they don't know why. --Unknown - Original Message - From: Tim Howell [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, October 28, 2004 10:17 AM Subject: Re: mod_ssl

Re: Apache/mod_ssl/IE problem

2004-11-03 Thread Matt Stevenson
. http://support.microsoft.com/default.aspx?kbid=305217 http://www.microsoft.com/technet/security/bulletin/MS04-004.mspx We also get the following error in the SSL error log: [Tue Oct 26 06:43:04 2004] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed

[ANNOUNCE] mod_ssl 2.8.22 for Apache 1.3.33

2004-10-30 Thread Ralf S. Engelschall
Apache 1.3.32's mod_ssl 2.8.21 still works fine for Apache 1.3.33. Nevertheless I've rolled a new patch-adjusted version mod_ssl 2.8.22 which fits 1:1 for Apache 1.3.33. Ralf S. Engelschall [EMAIL PROTECTED

mod_ssl and MacOS browsers...

2004-10-28 Thread Tim Howell
I've just installed a VeriSign 128 bit certificate on a server running Apache 2.0.50 with mod_ssl. Connecting to the server over https works fine from all of the Windows clients I've tried (Win2K using both IE 6 and Firefox 1.0PR). However, whenever I try to connect from a MacOS client (using

Re: mod_ssl and MacOS browsers...

2004-10-28 Thread Tim Howell
On Thu, 28 Oct 2004 09:42:53 -0700, Tim Howell [EMAIL PROTECTED] wrote: I've just installed a VeriSign 128 bit certificate on a server running Apache 2.0.50 with mod_ssl. Connecting to the server over https works fine from all of the Windows clients I've tried (Win2K using both IE 6

RE: Schedule for mod_ssl 2.8.20-1.3.32?

2004-10-22 Thread Drew J. Como
Bernd, It appears that the updated package is already released. From what I can tell, it has been up for a few hours now. http://www.modssl.org/source/mod_ssl-2.8.21-1.3.32.tar.gz Cheers! Drew J. Como Phone: 631-434-6600 Systems

[ANNOUNCE] mod_ssl 2.8.21 for Apache 1.3.32

2004-10-22 Thread Ralf S. Engelschall
Apache 1.3.32 was released. Although mod_ssl 2.8.20-1.3.31 both applies and works fine with Apache 1.3.32 I've upgraded mod_ssl to this new Apache version and released the results as mod_ssl 2.8.21-1.3.32. Ralf S. Engelschall

[ANNOUNCE] mod_ssl 2.8.20-1.3.31

2004-10-15 Thread Ralf S. Engelschall
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31 was released today. You can get it at the usual location: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall

[ANNOUNCE] mod_ssl 2.8.20-1.3.31

2004-10-15 Thread Ralf S. Engelschall
Prompted by a security issue (see below), mod_ssl 2.8.20 for Apache 1.3.31 was released today. You can get it at the usual location: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Yours, Ralf S. Engelschall

mod_ssl and EVP interface

2004-10-13 Thread Gabriel Tataranu
Hi, is it possible to use ciphers through EVP interface ? In openssl it's easy to do using '-evp' option. I haven't seen any option in mod_ssl related to this. Thanks, Gabriel

Re: mod_ssl on sparc solaris

2004-09-15 Thread Matt Stevenson
mod_ssl working on solaris First we tried at suse 8.2 and there was no problem at all, but now we have troubles and hope someone can give us a hint.. While doing config and make there seems to be no problem Even apache can be started and apachectl configtest says Syntax OK but when

mod_ssl on sparc solaris

2004-09-14 Thread Helke Schröder
Hi, we have some problems to get mod_ssl working on solaris First we tried at suse 8.2 and there was no problem at all, but now we have troubles and hope someone can give us a hint.. While doing config and make there seems to be no problem Even apache can be started and apachectl configtest says

is it possible to modify the mod_ssl env table ?

2004-07-26 Thread richard dinh
Hi, This is a general question about mod_ssl. Once the environment of the mod_ssl gets populated, is it possible to change the env variables through another module? For example, the certificate information gets passed as SSL_CLIENT_S_DN, and I need to rewrite that string value with something else

Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19

2004-07-25 Thread Ralf S. Engelschall
for mod_ssl 2.8.20 the following patch. Thanks for your feedback. Might mod_ssl 2.8.20 be released in the near future, e.g within a week? No, I'll certainly accumulate more fixes before a release, I think. Ralf S. Engelschall

Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19

2004-07-25 Thread a . moon
Sorry I am away on annual leave. Please contact OLSU if urgent, otherwise I will get back to you as soon as possible on my return on the 2nd August 2004.

Re: Remarks to [ANNOUNCE] mod_ssl 2.8.19

2004-07-23 Thread Bernd Steinert
Ralf S. Engelschall wrote: Yes, although they are not security related, they could crash the server, too. So we should fix those formatting bugs, too. A little bit of extra casting might be required, I think. I've now committed to my CVS for mod_ssl 2.8.20 the following patch. Thanks for your

Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

2004-07-21 Thread Joe Orton
(long)); near that. Casting the value to a long would be better than a runtime assertion if you're worried about it, there's only one place it happens. joe

Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

2004-07-20 Thread a k

Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

2004-07-17 Thread Ralf S. Engelschall
On Fri, Jul 16, 2004, Joe Orton wrote: I'm checking an older version of mod_ssl but there are a couple of other uninteresting format string warnings from gcc. I think it's portable to assume time_t is a long... [...] Yes, although they are not security related, they could crash the server

Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

2004-07-17 Thread Joe Orton
On Sat, Jul 17, 2004 at 08:57:09AM +0200, Ralf S. Engelschall wrote: Yes, although they are not security related, they could crash the server, too. So we should fix those formatting bugs, too. A little bit of extra casting might be required, I think. I've now committed to my CVS for mod_ssl

[ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

2004-07-16 Thread Ralf S. Engelschall
We've today found an ssl_log() related format string vulnerability in the mod_proxy hook functions of mod_ssl for Apache 1.3.x (mod_ssl for Apache 2.x is not affected). A mod_ssl 2.8.19 for Apache 1.3.31 was created which fixes this potential security hole. Get mod_ssl-2.8.19-1.3.31.tar.gz from

Re: [ANNOUNCE] mod_ssl 2.8.19 for Apache 1.3.31

2004-07-16 Thread Joe Orton
I'm checking an older version of mod_ssl but there are a couple of other uninteresting format string warnings from gcc. I think it's portable to assume time_t is a long... --- ./ssl_engine_io.c.warnings 2002-02-23 18:45:45.0 + +++ ./ssl_engine_io.c 2004-07-16 22:02:32.0

Re: [ANNOUNCE] mod_ssl 2.8.18

2004-05-28 Thread Udo Schweigert
On Thu, May 27, 2004 at 17:21:07 +0100, Joe Orton wrote: On Thu, May 27, 2004 at 05:09:17PM +0200, Boyle Owen wrote: On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote: Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004) *) Fix buffer overflow in SSLOptions

Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31

2004-05-27 Thread Ralf S. Engelschall
On Fri, May 14, 2004, a k wrote: Did you add my eintr fix ? [...] Ops, I seem to have overlooked this. I'll include this into mod_ssl 2.8.18. Thanks. Ralf S. Engelschall [EMAIL PROTECTED

[ANNOUNCE] mod_ssl 2.8.18

2004-05-27 Thread Ralf S. Engelschall
A security issue was discovered. It is now fixed with mod_ssl 2.8.18. Please upgrade your installations ASAP. o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source/ Ralf S. Engelschall [EMAIL PROTECTED

Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31

2004-05-27 Thread Martin Nyberg
test On Thu, 27 May 2004 14:49:35 +0200, Ralf S. Engelschall [EMAIL PROTECTED] wrote: On Fri, May 14, 2004, a k wrote: Did you add my eintr fix ? [...] Ops, I seem to have overlooked this. I'll include this into mod_ssl 2.8.18. Thanks. Ralf S. Engelschall

Re: [ANNOUNCE] mod_ssl 2.8.18

2004-05-27 Thread Udo Schweigert
On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote: Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004) *) Fix buffer overflow in SSLOptions +FakeBasicAuth implementation if the Subject-DN in the client certificate exceeds 6KB in length. (CVE CAN-2004

RE: [ANNOUNCE] mod_ssl 2.8.18

2004-05-27 Thread Boyle Owen
-Original Message- From: Udo Schweigert [mailto:[EMAIL PROTECTED] Sent: Donnerstag, 27. Mai 2004 17:03 To: [EMAIL PROTECTED] Subject: Re: [ANNOUNCE] mod_ssl 2.8.18 On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote: Changes with mod_ssl 2.8.18 (11-May-2004

Re: [ANNOUNCE] mod_ssl 2.8.18

2004-05-27 Thread Joe Orton
On Thu, May 27, 2004 at 05:09:17PM +0200, Boyle Owen wrote: On Thu, May 27, 2004 at 15:21:37 +0200, Ralf S. Engelschall wrote: Changes with mod_ssl 2.8.18 (11-May-2004 to 27-May-2004) *) Fix buffer overflow in SSLOptions +FakeBasicAuth implementation if the Subject-DN

Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31

2004-05-27 Thread a k
Thanks !! ak --- Ralf S. Engelschall [EMAIL PROTECTED] wrote: On Fri, May 14, 2004, a k wrote: Did you add my eintr fix ? [...] Ops, I seem to have overlooked this. I'll include this into mod_ssl 2.8.18. Thanks. Ralf S. Engelschall

Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31

2004-05-27 Thread a . moon
I am away on paternity leave for the next few days. Please contact OLSU if urgent, otherwise I will get back to you as soon as possible on my return.

Re: [ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31

2004-05-14 Thread a k
,SSL READ ERROR IGNORED on pid (%d)\n,getpid()); continue; } --- Ralf S. Engelschall [EMAIL PROTECTED] wrote: Yesterday Apache 1.3.31 was released. I've updated mod_ssl 2.8 to this version and released the result (together with some other pending bugfixes; see

[ANNOUNCE] mod_ssl 2.8.17 for Apache 1.3.31

2004-05-12 Thread Ralf S. Engelschall
Yesterday Apache 1.3.31 was released. I've updated mod_ssl 2.8 to this version and released the result (together with some other pending bugfixes; see below) as mod_ssl 2.8.17-1.3.31. You can find it under the usual locations: o http://www.modssl.org/source/ o ftp://ftp.modssl.org/source

apache error handling with mod_ssl

2004-05-02 Thread Arnaud Sahuguet
to return a given page when the mod_ssl module detects an error? For instance when someone tries to access a folder where client certificates are required, I would like to redirect to a page that mentions that client certificates are required. Same for other filters that mod_ssl supports. regards

Client certificate verification Error handling in apache2 with mod_ssl

2004-04-15 Thread Lamot Michael
Hello, Does mod_ssl support any type of error handling for the client certificate authentication? I'd really like to have another page load than a server not found one when a client presents an invalid certificate. If not, is it possible to bypass some verifications such as the cert

Re: mod_ssl, mod_rewrite, apache2 problem.

2004-04-08 Thread Victoriano Giralt

mod_ssl, mod_rewrite, apache2 problem.

2004-04-07 Thread simontst
Hi, I am running apache2, mod_ssl, on freebsd4.9 and I am using the mod_rewrite engine to redirect requests for http - https. I have this working using: RewriteEngine on RewriteCond %{HTTPS} !=on RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [R,L] The nasty problem is that when I redirect

mod_ssl, mod_rewrite, apache2 problem.

2004-04-07 Thread a . moon

Re: Is it possible to 'add' mod_ssl later on, without recompiling all of Apache?

2004-03-23 Thread Mads Toftum
On Tue, Mar 23, 2004 at 04:33:11PM +0100, Evert Meulie wrote: Hi! The following case: A apache-2.0.48 server which was compiled without SSL. Now the powers that be have decided the server should also be able to support https, so mod_ssl needs to be 'added'. Is it possible to do

vulnerability in mod_ssl on apache 2

2004-03-12 Thread Boyle Owen
Greetings, Does the DoS vulnerability reported in http://secunia.com/advisories/11092/ affect the mod_ssl-2.8.16-1.3.29 codebase? Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored.

Re: vulnerability in mod_ssl on apache 2

2004-03-12 Thread Joe Orton
On Fri, Mar 12, 2004 at 01:19:04PM +0100, Boyle Owen wrote: Does the DoS vulnerability reported in http://secunia.com/advisories/11092/ affect the mod_ssl-2.8.16-1.3.29 codebase? No, it doesn't. joe

Re: vulnerability in mod_ssl on apache 2

2004-03-12 Thread Mads Toftum
On Fri, Mar 12, 2004 at 01:19:04PM +0100, Boyle Owen wrote: Greetings, Does the DoS vulnerability reported in http://secunia.com/advisories/11092/ affect the mod_ssl-2.8.16-1.3.29 codebase? All the filtering stuff in mod_ssl was new in the Apache 2 version and didn't turn up until after

force mod_ssl to choose 3DES over RC4 ciphers?

2004-02-12 Thread Daniel Eggleston
of OpenSSL, equates to: EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3- MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5 Is it possible to construct a cipher-spec string that will make Apache/mod_ssl choose a 3DES cipher when both RC4 and 3DES are 'offered' by the client (most clients seem

Re: force mod_ssl to choose 3DES over RC4 ciphers?

2004-02-12 Thread Lutz Jaenicke
for the SSLCipherSuite directive is 'HIGH:MEDIUM' which, with my version of OpenSSL, equates to: EDH-RSA-DES-CBC3-SHA:EDH-DSS-DES-CBC3-SHA:DES-CBC3-SHA:DES-CBC3- MD5:RC4-SHA:RC4-MD5:RC2-CBC-MD5:RC4-MD5 Is it possible to construct a cipher-spec string that will make Apache/mod_ssl choose a 3DES

Crash in mod_ssl-2.8.10

2004-02-12 Thread Juergen Weigert

There appears to be a major memory leak in mod_ssl/OpenSSL

2004-01-30 Thread Avery, Ken
I have been tracking this down for a couple of weeks and thought it was in the code my company is developing and it appears that is not the case. In order to eliminate our code from the mix and isolate the problem here is what

Re: There appears to be a major memory leak in mod_ssl/OpenSSL

2004-01-30 Thread Joe Orton
: This was done on Windows and Linux: 1. Download the latest Apache from www.apache.org. 2. Download the latest OpenSSL from www.openssl.org. 3. Build them both, with apache add the mod_ssl option and also for Linux use the MPM worker module. Are you using 2.0.48? Could be one of these two

Re: There appears to be a major memory leak in mod_ssl/OpenSSL

2004-01-30 Thread Adrien Felon
Hello, I encountered many memory leak trouble with OpenSSL. I used quite old versions (from 0.9.6c), so I don't know if this is relevant or not for you... Anyway I figured out that nobody seemed to ever call the CRYPTO_thread_cleanup(). I

RE: There appears to be a major memory leak in mod_ssl/OpenSSL

2004-01-30 Thread John Hughes
Are u using: On linux you really should be using a shared memory session cache - like SSLSessionCache shmcb:logs/ssl_gcache_data(512000) SSLSessionCacheTimeout 300 and not the dbm cache I posted some email about
