Re: %{SSL_PROTOCOL}x %{SSL_CIPHER}x - question
On Dec 6, 2007 7:26 PM, Shiva Subramanian [EMAIL PROTECTED] wrote: hi there, recently I turned on the SSL_PROTOCOL SSL_CIPHER on one of our web server to gather some statistics on the SSL protocol ciphers being used. most of the entries have SSLv3, TLSv1, some SSLv2s here and there and then there are these entries with only a - - in place where the SSL_PROTOCOL SSL_CIPHER should be. for eg: XX.XX.83.98 - - [XX/XX/2007:13:31:27 -0500] SSLv3 RC4-MD5 GET XX HTTP/1.0 404 363 XX XX XX.XX.83.98 - - [XX/XX/2007:13:31:51 -0500] - - GET / 400 596 - - XX.XX.83.98 - - [XX/XX/2007:13:32:21 -0500] - - GET / 400 596 - - my question is what does the - - represent in the SSL_PROTOCOL SSL_CIPHER fields respectively. The hypen just represents a null variable. In this case, no SSL session was present. The request in the above example returned status code 400 for Bad Request. You can reproduce it by issuing a plain HTTP GET / to an HTTPS host. Regards,
Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs
On Nov 19, 2007 9:24 AM, Anony Mouse [EMAIL PROTECTED] wrote: I see that there's been the addition of the SSLCADNRequestFile directive in Apache 2.2.x, but I don't see how this relates to this particular problem. I also understand that I could narrow the problem by using SSLRequire directives and the %{SSL_CLIENT_I_DN} variable, but this seems a hackish solution to something that should be handled by SSLCACertificateFile alone. Is this a bug? Any advice is appreciated. I can provide further details about my Apache configs or logs if required. Nobody? Regards,
Re: Correct use of SSLVerifyClient and Sub-Ordinate CAs
On Mon, Nov 19, 2007 at 09:24:09AM +, Anony Mouse wrote: I've found myself in the same quandary as this guy [1]. My CA structure is as follows. - RootCA - SubCA1 - SubCA1 Server - SubCA1 Clients - SubCA2 - SubCA2 Server - SubCA2 Clients I have two HTTPS vhost containers. One which has a server certificate issued by SubCA1 and should only accept client certificates from SubCA1. Likewise, another for SubCA2, which should only accept client certificates from SubCA2. I think this should work by using: SSLCertificateChainFile rootca Vhost for SubCA1 SSLCACertificateFile SubCA1 /Vhost Vhost for SubCA2 SSLCACertificateFile SubCA2 /Vhost joe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
RE: mod_ssl not for apache 2.2.4 (unix)?
As of Apache 2.x mod_ssl is included in the distribution. All you should have to do is enable the module in the configuration file. Rich __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
mod_ssl not for apache 2.2.4 (unix)?
Hi folks, I'm a complete newbie to compiling apache, and I'm trying to install my first SSL certificate. All instructions I can find so far all assume that I have mod_ssl installed already. I'm willing to install it, but all of the references I can find to the latest and greatest version of mod_ssl say that it's for apache 1.3.39, but I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6) I don't want to proceed with recompiling the web server unless I know that I'm doing the right thing. Can any one either a) just help me... or b) point me to a good article or set of articles on how to do this? I should mention that we host many, many virtual domains off this one server. Thanks heaps, Chris -- http://cjordan.us
Re: mod_ssl not for apache 2.2.4 (unix)?
On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote: Hi folks, I'm a complete newbie to compiling apache, and I'm trying to install my first SSL certificate. All instructions I can find so far all assume that I have mod_ssl installed already. I'm willing to install it, but all of the references I can find to the latest and greatest version of mod_ssl say that it's for apache 1.3.39, but I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6) mod_ssl is part of httpd 2.x, and is included with Fedora. Run yum install mod_ssl joe __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl not for apache 2.2.4 (unix)?
Richard Joe, Thanks so much! Joe, thanks for the command. :o) I'll see if I can manage it from here. I appreciate you answering such a basic question for me. Really. Thanks. :o) Cheers! Chris On Dec 14, 2007 2:27 PM, Joe Orton [EMAIL PROTECTED] wrote: On Fri, Dec 14, 2007 at 02:10:17PM -0600, Chris Jordan wrote: Hi folks, I'm a complete newbie to compiling apache, and I'm trying to install my first SSL certificate. All instructions I can find so far all assume that I have mod_ssl installed already. I'm willing to install it, but all of the references I can find to the latest and greatest version of mod_ssl say that it's for apache 1.3.39, but I'm running apache 2.2.4 on a Fadora Core 6 (2.6.20-1.292.fc6) mod_ssl is part of httpd 2.x, and is included with Fedora. Run yum install mod_ssl joe -- http://cjordan.us
Jean-Pierre Guilloteau est absent.
I will be out of the office starting Mon 10/12/07 and will not return until Mon 17/12/07. Je répondrai à votre message dès mon retour. Vous pouvez en mon absence contacter Aspaway au 01 46 67 88 88 ou notre support technique au 01 46 67 88 98. Cordialement. __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]