RE: Apache 2.0.35 - ssl fails silently?

2002-09-03 Thread Jose Correia (J)

Have you tried looking in ssl_engine.log?


-Original Message-
From: Paul English [mailto:[EMAIL PROTECTED]]
Sent: 02 September 2002 22:55
To: [EMAIL PROTECTED]
Subject: Re: Apache 2.0.35 - ssl fails silently?



> On Mon, 2 Sep 2002, Paul English wrote:
>
> > I'm working with a new setup of 2.0.35 under Linux, and having
>
> First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> release (back in April).  2.0.40 is the current release.


Oops, I guess I should have said relatively new. It has been up and 
running without any SSL for a few months.

I'm downloading 2.0.40 now, although I think the problem is most likely
configuration somehow.

Paul

__
Apache Interface to OpenSSL (mod_ssl)   www.modssl.org
User Support Mailing List  [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]



Re: Apache 2.0.35 - ssl fails silently?

2002-09-03 Thread Olaf Gellert

Hi,

> None of the above seems to work. Thrown into the mix I have several
> interfaces on the machine, and ipchains (for which I've enabled access
> from everywhere to port 443).

And hopefully you enabled response packets going from port
443 to the world? I don't know the semantics of nmap, is a
closed port some port where in response to a SYN-packet,
a RST is sent? Or is it a filtered one (= no response).
Just to make sure it's not your firewall. Maybe you can
open all incoming and outgoing packets from localhost
(just for testing) and try a local telnet to that port?

Olaf
-- 
Olaf Gellert   mailto:[EMAIL PROTECTED]

DFN-PCA: A working group of DFN-CERT GmbH
Oberstr. 14b  http://www.pca.dfn.de/
D-20144 Hamburg, Germany   +49.40.808077-555 / Fax: -556
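
Added example, not part of Olaf's post or of the thread: a TCP connect probe that separates the two cases asked about above. nmap reports "closed" when a RST comes back and "filtered" when nothing or an ICMP error comes back; the function names, hint texts and the address list are assumptions made for this illustration.

```python
import errno
import socket

# What each result points at for the setup in this thread (httpd + ipchains).
HINTS = {
    "open": "a listener accepted the handshake; continue with the SSL config",
    "closed": "RST received: packets get through but nothing is bound to this "
              "address:port; check the Listen address, -DSSL, and that mod_ssl is built",
    "filtered": "no reply or an ICMP reject: a packet filter is dropping the SYN "
                "or the reply; check the rules for both directions",
}

# errno values returned when an ICMP unreachable comes back instead of a RST
_REJECTED = {errno.EHOSTUNREACH, errno.ENETUNREACH}


def classify_port(host, port, timeout=2.0):
    """Classify one TCP connect attempt as 'open', 'closed' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:      # peer answered the SYN with RST
        return "closed"
    except socket.timeout:              # SYN or SYN/ACK silently dropped
        return "filtered"
    except OSError as exc:
        if exc.errno in _REJECTED:
            return "filtered"
        raise                           # e.g. name resolution failure


def survey(addresses, port, timeout=2.0):
    """Probe the same port on every local interface address.

    A 'Listen ip:443' line binds one address only, so the other
    interfaces are expected to come back 'closed' even when httpd is fine.
    """
    return {addr: classify_port(addr, port, timeout) for addr in addresses}


if __name__ == "__main__":
    # Constructed address list; replace with the machine's own interface IPs.
    for addr, state in survey(["127.0.0.1"], 443).items():
        print(f"{addr}:443 {state} - {HINTS[state]}")
```

Run it on the server itself first, then from outside the firewall: "closed" in both places points at httpd, while "open" locally and "filtered" remotely points at the packet filter.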



RE: Apache 2.0.35 - ssl fails silently?

2002-09-03 Thread Paul English


> Have you tried looking in ssl_engine.log?

That one wasn't being generated. Now I'm not sure what the problem was, 
but upgrading to 2.0.40 fixed it. Now that I've seen the build again, it 
is possible that mod_ssl failed to build, and I missed it as the messages 
scrolled past. I made sure that it did build for 2.0.40.

Thanks everyone,
Paul

> -Original Message-
> From: Paul English [mailto:[EMAIL PROTECTED]]
> Sent: 02 September 2002 22:55
> To: [EMAIL PROTECTED]
> Subject: Re: Apache 2.0.35 - ssl fails silently?
>
> > On Mon, 2 Sep 2002, Paul English wrote:
> >
> > > I'm working with a new setup of 2.0.35 under Linux, and having
> >
> > First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> > release (back in April).  2.0.40 is the current release.
>
> Oops, I guess I should have said relatively new. It has been up and
> running without any SSL for a few months.
>
> I'm downloading 2.0.40 now, although I think the problem is most likely
> configuration somehow.
>
> Paul



Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Paul English


Hi,
I'm working with a new setup of 2.0.35 under Linux, and having 
some trouble. I'm not sure where to look as there are no errors in 
error_log, or /var/log/messages or on the console. 

Reading the docs I eliminated:
 - having Listen on port 443 and an appropriate virtual host context
 - using apachectl startssl to pass -DSSL to the server
 - tried using the stock httpd.conf and ssl.conf

None of the above seems to work. Thrown into the mix I have several 
interfaces on the machine, and ipchains (for which I've enabled access 
from everywhere to port 443). I tested all the interfaces using nmap, 
which just says that port 443 is closed, and telnet. 

I've attached my config files to see if anyone else can make sense of it.

Thanks,
Paul


#
# This is the Apache server configuration file providing SSL support.
# It contains the configuration directives to instruct the server how to
# serve pages over an https connection. For detailing information about these 
# directives see <URL:http://httpd.apache.org/docs-2.0/mod/mod_ssl.html>
#
#   For the moment, see <URL:http://www.modssl.org/docs/> for this info. 
#   The documents are still being prepared from material donated by the
#   modssl project.
# 
# Do NOT simply read the instructions in here without understanding
# what they do.  They're here only as hints or reminders.  If you are unsure
# consult the online docs. You have been warned.  
#
<IfDefine SSL>

#   Until documentation is completed, please check http://www.modssl.org/
#   for additional config examples and module documentation.  Directives
#   and features of mod_ssl are largely unchanged from the mod_ssl project
#   for Apache 1.3.

#
# When we also provide SSL we have to listen to the 
# standard HTTP port (see above) and to the HTTPS port
#
Listen 206.253.195.210:443

#
# Dynamic Shared Object (DSO) Support
#
# To be able to use the functionality of a module which was built as a DSO you
#ErrorLog logs/dummy-host.example.com-error_log
#CustomLog logs/dummy-host.example.com-access_log common

##
##  SSL Global Context
##
##  All SSL configuration in this context applies both to
##  the main server and all SSL-enabled virtual hosts.
##

#
#   Some MIME-types for downloading Certificates and CRLs
#
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl

#   Pass Phrase Dialog:
#   Configure the pass phrase gathering process.
#   The filtering dialog program (`builtin' is a internal
#   terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog  builtin

#   Inter-Process Session Cache:
#   Configure the SSL Session Cache: First the mechanism 
#   to use and second the expiring timeout (in seconds).
#SSLSessionCache        none
#SSLSessionCache        shmht:logs/ssl_scache(512000)
#SSLSessionCache        shmcb:logs/ssl_scache(512000)
SSLSessionCache dbm:logs/ssl_scache
SSLSessionCacheTimeout  300

#   Semaphore:
#   Configure the path to the mutual exclusion semaphore the
#   SSL engine uses internally for inter-process synchronization. 
SSLMutex  file:logs/ssl_mutex

#   Pseudo Random Number Generator (PRNG):
#   Configure one or more sources to seed the PRNG of the 
#   SSL library. The seed data should be of good random quality.
#   WARNING! On some platforms /dev/random blocks if not enough entropy
#   is available. This means you then cannot use the /dev/random device
#   because it would lead to very long connection times (as long as
#   it requires to make more entropy available). But usually those
#   platforms additionally provide a /dev/urandom device which doesn't
#   block. So, if available, use this one instead. Read the mod_ssl User
#   Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random  512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random  512
#SSLRandomSeed connect file:/dev/urandom 512

#   Logging:
#   The home of the dedicated SSL protocol logfile. Errors are
#   additionally duplicated in the general error log file.  Put
#   this somewhere where it cannot be used for symlink attacks on
#   a real server (i.e. somewhere where only root can write).
#   Log levels are (ascending order: higher ones include lower ones):
#   none, error, warn, info, trace, debug.
SSLLog  logs/ssl_engine_log
SSLLogLevel info

##
## SSL Virtual Host Context
##

<VirtualHost 206.253.195.210:443>

#  General setup for the virtual host
DocumentRoot /usr/local/htdocs/test
ServerName 3tiergroup.com:443
ServerAdmin [EMAIL PROTECTED]
ErrorLog logs/error_log
TransferLog logs/access_log

#   SSL Engine Switch:
#   Enable/Disable SSL for this virtual host.
SSLEngine on

#   SSL Cipher Suite:
#   List the ciphers that the client is permitted to negotiate.
#   See the mod_ssl documentation for a complete list.
SSLCipherSuite 

Re: Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Cliff Woolley

On Mon, 2 Sep 2002, Paul English wrote:

   I'm working with a new setup of 2.0.35 under Linux, and having

First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
release (back in April).  2.0.40 is the current release.

--Cliff




Re: Apache 2.0.35 - ssl fails silently?

2002-09-02 Thread Paul English


> On Mon, 2 Sep 2002, Paul English wrote:
>
> > I'm working with a new setup of 2.0.35 under Linux, and having
>
> First of all, why 2.0.35 on a new setup?  2.0.36 was the first full
> release (back in April).  2.0.40 is the current release.


Oops, I guess I should have said relatively new. It has been up and 
running without any SSL for a few months.

I'm downloading 2.0.40 now, although I think the problem is most likely 
configuration somehow.

Paul
