Re: strange connections to apache2 port 443
Tom Henderson wrote:

> Hi, I hope that I describe my problem to the right mailing list and that someone can give me the hint I need. I'm running a SuSE Linux 9.0 with Apache2 2.0.53 (installed via rpm from ftp.suse.com) with mod_ssl. The startup parameter for the apache is -D SSL. But here comes my problem ... I'm also running an iptables firewall and I notice a strange behaviour on my system, but only when I start apache with -D SSL. When I run apache only with http there are no strange connection attempts in the firewall logs. To be more precise, my firewall logs show entries of connection attempts from my localhost to my localhost via interface lo (not eth0) from some increasing port to port 443. Fact is that these connections only appear when I start the apache with -D SSL, and I can also comment out all the virtual hosts for port 443 but that does not matter; only when I start the apache without SSL do the connections disappear. The strange thing is that in the firewall logs there are syn, ack ... flags but I can not find any apache2 logfile entry for one of these connections. Does that sound familiar to somebody? Is there a configuration within the apache2 to probe the ssl aware apache?

Hi Tom,

this is exactly what I recognized. When Apache 2.0.54 runs on RHEL AS 3 using SSL, it opens TCP connections to itself on a regular schedule. The connections to port 443/tcp are opened by the apache parent process running as root. No information is exchanged. The TCP connection is just opened and immediately closed (FIN sent by the client). This was seen by iptabling 443/tcp on interface lo and watching which process had connections in the SYN_SENT state. The error_log with LogLevel debug shows lots of SSL handshake errors even when no browser causes an SSL handshake error.
Here's how apache was built:

    # 22.08.05
    # httpd-2.0.54
    # CFLAGS=-I/usr/kerberos/include \
      ./configure \
        --prefix=/opt/apache \
        --sysconfdir=/etc/httpd/conf \
        --enable-ssl \
        --enable-mods-shared=all \
        --enable-proxy \
        --enable-proxy-http \
        --enable-dumpio

Best regards,
Bernie

__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager [EMAIL PROTECTED]
Re: strange connections to apache2 port 443
On Wed, Aug 31, 2005 at 10:47:39AM +0200, Bernhard Erdmann wrote:

> this is exactly what I recognized. When Apache 2.0.54 runs on RHEL AS 3 using SSL, it opens TCP connections to itself on a regular schedule.

2.0 does this to wake up idle child processes, which can then exit; it's perfectly normal. You should modify the firewall rules to allow local connections to all listening ports.

joe
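The loopback connections described in this thread show up in a firewall LOG rule as SYNs from 127.0.0.1 to 127.0.0.1 on port 443 over `lo`. The following triage script is an added example (not from the thread, and not part of Apache or mod_ssl): it parses iptables LOG lines, accepts the pattern joe explains (TCP over `lo` to one of httpd's listening ports) as Apache's own child wake-up, and leaves everything else for review. The log lines, the host name `www`, the addresses and the set of listening ports are constructed for the example.

```python
"""Triage iptables LOG lines for Apache's loopback self-connections.

Added example.  Apache 2.0 with SSL periodically connects from the parent
process to its own listening ports over `lo` to wake idle children; a
loopback-logging firewall rule reports these as SYN/FIN pairs from
127.0.0.1 to 127.0.0.1.  The log lines below are constructed.
"""
import re
from typing import Dict, List, Tuple

# Ports httpd is configured to Listen on (assumption for the example).
LISTENING_PORTS = {80, 443}

# iptables LOG output is a run of KEY=VALUE tokens plus bare TCP flag
# words (SYN, ACK, FIN, ...) and DF.  The regex pulls the pairs; the flag
# words are recovered by a simple token scan.
_KV = re.compile(r"\b([A-Z]+)=(\S*)")
_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

# Constructed sample: three Apache self-connections (lo, ports 443/80),
# one loopback hit on a port httpd does not listen on, one external SYN.
IPTABLES_LOG = """\
Aug 31 10:47:39 www kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1201 DF PROTO=TCP SPT=33021 DPT=443 WINDOW=32767 RES=0x00 SYN URGP=0
Aug 31 10:47:39 www kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=1202 DF PROTO=TCP SPT=33021 DPT=443 WINDOW=32767 RES=0x00 ACK FIN URGP=0
Aug 31 10:52:40 www kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1310 DF PROTO=TCP SPT=33022 DPT=80 WINDOW=32767 RES=0x00 SYN URGP=0
Aug 31 10:53:02 www kernel: IN=eth0 OUT= SRC=192.0.2.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4411 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Aug 31 10:53:05 www kernel: IN=lo OUT= SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1311 DF PROTO=TCP SPT=33023 DPT=3306 WINDOW=32767 RES=0x00 SYN URGP=0
"""


def parse_log_line(line: str) -> Dict[str, object]:
    """Turn one kernel LOG line into a dict of the fields we classify on."""
    fields = dict(_KV.findall(line))
    flags = {tok for tok in line.split() if tok in _FLAGS}
    return {
        "iface": fields.get("IN", ""),
        "src": fields.get("SRC", ""),
        "dst": fields.get("DST", ""),
        "proto": fields.get("PROTO", ""),
        "spt": int(fields["SPT"]) if fields.get("SPT") else None,
        "dpt": int(fields["DPT"]) if fields.get("DPT") else None,
        "flags": flags,
    }


def classify(entry: Dict[str, object]) -> str:
    """Label an entry: expected httpd self-connection, other loopback, or external."""
    if entry["iface"] == "lo":
        if entry["proto"] == "TCP" and entry["dpt"] in LISTENING_PORTS:
            return "apache-self-wakeup"
        return "loopback-other"
    return "external"


def triage(log_text: str) -> Tuple[Dict[str, int], List[str]]:
    """Count entries per class and collect a one-line summary of each
    entry that is *not* the known-benign Apache pattern."""
    counts: Dict[str, int] = {}
    review: List[str] = []
    for line in log_text.splitlines():
        if "IN=" not in line:
            continue  # not an iptables LOG line
        entry = parse_log_line(line)
        kind = classify(entry)
        counts[kind] = counts.get(kind, 0) + 1
        if kind != "apache-self-wakeup":
            review.append(
                "%s: %s:%s -> %s:%s [%s]"
                % (kind, entry["src"], entry["spt"], entry["dst"],
                   entry["dpt"], " ".join(sorted(entry["flags"])))
            )
    return counts, review


if __name__ == "__main__":
    summary, to_review = triage(IPTABLES_LOG)
    print(summary)
    for item in to_review:
        print(item)
```

Once the loopback traffic is understood, the fix joe describes is the usual `iptables -A INPUT -i lo -j ACCEPT` placed early in the chain; this script is only for confirming that what the LOG rule caught is the self-wakeup pattern and nothing else.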
preventing client certs to be used by multiple users??
Hello,

Is there a way to prevent users (who got a client ssl-certificate (pkcs12) for accessing my server) from giving their certs away to others and in that way enabling unwanted users to access my site? Or if there is no elegant solution, maybe someone knows how apache (or a log analyzer etc.) can inform me if two different IPs have tried to connect simultaneously using the same certificate?

Many thanks
Conrad Friedrich
Re: preventing client certs to be used by multiple users??
On 8/31/05, Conrad Friedrich [EMAIL PROTECTED] wrote:

> Is there a way to prevent users (that got a client ssl-certificate (pkcs12) for accessing my server) from giving their certs away to others and in that way enabling unwanted users access to my site?

The client certificate acts as the user's identity. If the user gives away his/her identity or the identity is stolen, then someone else can authenticate to the server using that identity, and that's just the way it is. This is no different than a username/password means of establishing user identity, really, except that the user has perhaps better ways to protect a client certificate than he does a username/password. If the user intentionally gives away the certificate, there's nothing you can do about it.

> Or if there is no elegant solution, maybe someone knows how apache (or a log analyzer etc.) can inform me if two different IPs have tried to connect simultaneously using the same certificate?

I haven't seen any such tool but that doesn't mean there isn't one out there. Anybody else heard of such a thing?

--Cliff
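Conrad's second question, detecting one client certificate in use from several addresses at the same time, can be answered from httpd's own logs once mod_ssl's per-request variables are written to an access log. The analyzer below is an added example (not from the thread, not shipped with Apache or mod_ssl). It assumes a custom log defined with the real mod_ssl variables `SSL_CLIENT_M_SERIAL` and `SSL_CLIENT_S_DN`, for instance `LogFormat "%t %h %{SSL_CLIENT_M_SERIAL}x \"%{SSL_CLIENT_S_DN}x\" \"%r\" %>s" certlog` with `CustomLog logs/ssl_client_log certlog`; the log lines, serials, DNs and IP addresses in the sample are constructed, and the ten-minute window is a chosen parameter.

```python
"""Flag a client certificate presented from more than one IP within a window.

Added example.  Expects an Apache access log written with

    LogFormat "%t %h %{SSL_CLIENT_M_SERIAL}x \"%{SSL_CLIENT_S_DN}x\" \"%r\" %>s" certlog

so each request carries the client IP and the certificate's serial number.
Per serial, a sliding window of recent requests is kept; a request from an
IP that differs from another IP seen inside the window raises an alert.
A certificate that moves to a new address hours later is not flagged, so
ordinary roaming between networks stays quiet.  All sample data is constructed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, Iterable, List, NamedTuple, Optional

# Matches the LogFormat above; the DN is quoted because it contains spaces.
LINE_RE = re.compile(
    r'^\[(?P<ts>[^\]]+)\] (?P<ip>\S+) (?P<serial>\S+) "(?P<dn>[^"]*)" '
    r'"(?P<req>[^"]*)" (?P<status>\d{3})$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # Apache %t, e.g. 31/Aug/2005:10:47:39 +0200


class Event(NamedTuple):
    ts: datetime
    ip: str
    serial: str
    dn: str


class Alert(NamedTuple):
    serial: str
    dn: str
    ips: frozenset
    at: datetime


# Constructed sample: alice's certificate (serial 0A1B) is used from two
# addresses two minutes apart; bob's (0C2D) moves address hours later.
SSL_CLIENT_LOG = """\
[31/Aug/2005:10:47:39 +0200] 192.0.2.10 0A1B "CN=alice,O=Example" "GET /private/ HTTP/1.1" 200
[31/Aug/2005:10:48:02 +0200] 192.0.2.10 0A1B "CN=alice,O=Example" "GET /private/report HTTP/1.1" 200
[31/Aug/2005:10:49:15 +0200] 198.51.100.7 0A1B "CN=alice,O=Example" "GET /private/ HTTP/1.1" 200
[31/Aug/2005:10:50:00 +0200] 203.0.113.5 0C2D "CN=bob,O=Example" "GET /private/ HTTP/1.1" 200
[31/Aug/2005:10:51:30 +0200] 203.0.113.44 - "" "GET / HTTP/1.1" 403
[31/Aug/2005:14:30:00 +0200] 203.0.113.9 0C2D "CN=bob,O=Example" "GET /private/ HTTP/1.1" 200
"""


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; None for lines outside the format or without a cert."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    if m["serial"] == "-":  # mod_ssl logs "-" when no client cert was presented
        return None
    return Event(datetime.strptime(m["ts"], TS_FMT), m["ip"], m["serial"], m["dn"])


def find_shared_certs(lines: Iterable[str],
                      window: timedelta = timedelta(minutes=10)) -> List[Alert]:
    """Return one Alert per request whose certificate was also used from a
    different IP within `window` before it."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort(key=lambda e: e.ts)  # logs may be rotated or merged out of order
    recent: Dict[str, Deque[Event]] = defaultdict(deque)
    alerts: List[Alert] = []
    for ev in events:
        q = recent[ev.serial]
        while q and ev.ts - q[0].ts > window:
            q.popleft()  # expire requests older than the window
        other_ips = {e.ip for e in q if e.ip != ev.ip}
        if other_ips:
            alerts.append(Alert(ev.serial, ev.dn,
                                frozenset(other_ips | {ev.ip}), ev.ts))
        q.append(ev)
    return alerts


if __name__ == "__main__":
    for a in find_shared_certs(SSL_CLIENT_LOG.splitlines()):
        print("%s serial=%s dn=%s ips=%s" % (a.at.isoformat(), a.serial, a.dn,
                                             ", ".join(sorted(a.ips))))
```

As Cliff notes, a shared certificate cannot be distinguished from a legitimately roaming user by the server alone; the window keeps the check focused on overlapping use, and the serial rather than the DN is the key so two distinct certificates issued to the same name are not confused. The action on an alert (revoking the certificate, so that the CRL or `SSLCARevocationFile` configuration rejects it) is a policy decision outside this script.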