On Wed, Jan 23, 2002 at 07:12:35PM +0100, Andreas Gietl wrote:
VirtualHost XXX:443
ServerName www.defaulthost.de
ServerAdmin [EMAIL PROTECTED]
DocumentRoot /home/defaulthost/public_html
Sorry for the late reply, been on vacation.
Does this server host multiple SSL sites? What are
On Tue, Oct 30, 2001 at 02:59:14AM -0600, Dean Hall wrote:
I'm installing openssl from RPM because several RPMs in RedHat 7.2 require
the package -- that's basically it. I wouldn't mind compiling everything
from source -- but then I should probably be using FreeBSD. :-) Well, the
main issue
On Tue, Oct 30, 2001 at 03:39:40PM -0600, Dean Hall wrote:
As I said, I guess I'll try that, but I have several problems with RedHat's
Apache/mod_ssl RPM. First, I have many scripts which depend on Apache being
in /usr/local/apache which is not where the RPM puts apache. Second, and I
can
On Wed, Oct 24, 2001 at 03:47:11PM -0700, Peter Morelli wrote:
I've done a little more testing, and it seems like turning OFF the Show
friendly http error pages option in MSIE allows apache/mod_ssl to downgrade
the connection to HTTP/1.0 correctly. Turning it back on again leads to a
On Wed, Oct 24, 2001 at 05:38:40PM -0700, Peter Morelli wrote:
Sorry, I have the same situation after using those config lines. I had seen
them on the mailing list before, but just to be sure I've just retested
them. No change. Same symptoms and solutions...
And you do have a ssl session
On Tue, Oct 23, 2001 at 09:49:22AM +0200, Martin B. Nielsen wrote:
Does anyone have a clue why ie6 and apache 1.3.19 with mod_ssl 2.8.4
(and openssl 0.9.6a) with a 128bit certificate may refuse to connect to
the server (i.e. it shows the typical error screen on ie).
The server has the
On Thu, Oct 18, 2001 at 04:16:48PM -0300, Carlos M. Chicca wrote:
I have compiled and installed apache 1.3.22 , mod_ssl 2.8.5-1.3.22 and
openssl-0.9.6b. Everything is ok.
But when i start it whith apachectl startssl, after enter the pass phrase
it says apachectl startssl: httpd started but
On Thu, Sep 27, 2001 at 10:08:32AM +0200, Rainer Jung wrote:
Hi,
now I have more precise data. The samples have been taken during 5 days.
There where 10 million acceses to the server. 461 of these had corrupt
headers. So increasing Log level is not really feasible.
snip of a lot of good
On Tue, Sep 18, 2001 at 05:25:34PM -0500, Nick Temple wrote:
Hi --
My question is: what is the most stable version of Apache / mod_ssl/ OpenSSL and
configuration options, stable in this case meaning allowing the widest group of the
most common browsers to connect (AOL, IE, Netscape,
On Thu, Aug 30, 2001 at 07:29:03PM +0200, Sergey Samoyloff wrote:
BrowserMatch == SetEnvIf User-Agent ?
Yes.
http://httpd.apache.org/docs/mod/mod_setenvif.html#BrowserMatch
-Dave
__
Apache Interface to OpenSSL (mod_ssl)
On Thu, Aug 30, 2001 at 02:50:43PM +, James W.Blackwell wrote:
The problem persists. :( I've tried several combinations of the
BrowserMatch/SetEnvIf lines. Here's what I've got in my config now:
Can you try removing the SetEnvIf or BrowserMatch lines completely? It's
strange, because
On Wed, Aug 08, 2001 at 10:57:47AM -0600, Hyrum Mills wrote:
I've tried to read the mod_ssl documentation as well as an Apache
architectural description and so far have had no luck in finding the answer
to my question. I'm working on a research project that's building a trust
On Mon, Aug 06, 2001 at 02:32:36PM -0400, Tim Gardner wrote:
Carol,
In Apache httpd.conf we had to put the line:
SSLProtocol all -SSLv3
in order to get it to work for IE Mac. So now when IE windows users
who do not have ssl v2 enabled try to hit the site, they get the
On Mon, Aug 06, 2001 at 05:45:16PM -0500, Kuczborski, Carol L wrote:
Our users are using Microsoft IE on Windows platforms, none are on
Macintosh. We tried the fix you mentioned, as also noted in the FAQ for
mod_ssl under the heading When I connect via HTTPS to an Apache + mod_ssl +
OpenSSL
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
There does appear to be a major problem with building openssl 0.9.6a and b
on RedHat 6.2, which I've not got to the bottom of. I have successfully
built openssl 0.9.6 from source
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mark Stewart
I have been chasing down a memory problem for a few days now and would
appreciate any pointers you might have. We have an application that
allows for uploads of large (50MB) files. We
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
I have been having serious difficulties with getting openssl
0.9.6b to even
build on RedHat 6.2. So much so that I'm considering moving to 7.1.
Just last week RedHat posted an
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of B. Burke
I have been testing with a Cisco CSS using SSL session ID for balancing,
and have yet to experience the problem described below. As best I can
tell, it works ok with IE5.5 Netscape 4.5.
1. Please post in plain text instead of HTML.
2. Try these settings instead of the SetEnvIf User-Agent *MSIE*... in your
SSL virtual host.
BrowserMatch MSIE [1-4] nokeepalive \
ssl-unclean-shutdown downgrade-1.0 force-response-1.0
BrowserMatch MSIE [5-9] ssl-unclean-shutdown
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Andrea Cerrito
What about:
SetEnvIf User-Agent MSIE [1-4] nokeepalive ssl-unclean-shutdown
downgrade-1.0 force-response-1.0
SetEnvIf User-Agent MSIE [5-9] ssl-unclean-shutdown
Make sure those are
#3. People who have done it are too busy to
reply.
I've
done it before to get mod_gzip working under mod_ssl. Unfortunately, I
don't have a sample config handy. Search the mod_gzip archives and you
should find your answer.
-Dave
-Original Message-From:
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mads Toftum
On Tue, Jul 10, 2001 at 07:20:41PM +0800, Thum Chee Weng, Ronnie wrote:
what would be a good figure to start using shm ?
Default figure is 512000.
That depends on your OS and how busy
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Tim Gardner
Dave,
Use this:
SSLProtocol all
BrowserMatch MSIE nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
This did not work. IE 5.0 Mac gave 'data encryption errors'.
Use this:
SSLProtocol all
BrowserMatch MSIE nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
^^
Notice that you should have !EXPORT56 configured, !EXP56 does not work.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of WSO Support
Does solving this problem with sweeping wildcard BrowserMatch
statements adversely affect the functionality of Apache and ModSSL?
No. Everything will function fine.
What I getting at
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of DAve Goodrich
OK, that went faster than expected.
I clean-installed Netscape from several sources, below are the
text strings
recorded in the apache log for each Netscape version I tested. I can
IfDefine SSL
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl.crl
VirtualHost 192.168.3.11:443
DocumentRoot /usr/local/www/secure
ServerName www.rblc.com
php_value session.cache_limiter
At one time I had to add this to the end of my BrowserMatch list for SSL:
BrowserMatch WebTV !ssl-unclean-shutdown
WebTV browsers are based on MSIE, and they don't seem to like the
ssl-unclean-shutdown option for some reason.
I don't know if this is still the case.
-Dave
-Original
I've been using these settings:
SetEnvIf User-Agent MSIE [1-4] nokeepalive
ssl-unclean-shutdown downgrade-1.0 force-response-1.0
SetEnvIf User-Agent MSIE [5-9] ssl-unclean-shutdown
and it seems to do the trick (keeping the fingers crossed)
The difference for my app
Hi,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Thorpe
There's also the other angle too: any old x86 with a tcp/ip stack
and a modem
can open a few (hundred) connections to your server and keep reconnecting
whenever they're
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of McCaffity, Ray
Typically these sites don't run SSL on the server. It's terminated
at the switch hardware, many net gear vendors have SSL accelerators
that emulate a connection to the server. The end
Hi,
I haven't had a chance to test it, but how about this?
BrowserMatch MSIE [1-4] nokeepalive ssl-unclean-shutdown downgrade-1.0
force-response-1.0
This would allow all MSIE 5.X browsers to connect normally. But even those
may need this:
BrowserMatch MSIE 5 ssl-unclean-shutdown
Of course,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of DAve Goodrich
Maybe.. but the Netscape I'm testing works perfectly with Amazon, ebay,
BN, etc etc etc. I've tried with Win2k servers, Solaris, Stronghold, all
work fine.
Anyone have a mod_ssl
Of course ;^) Our web app is built around PHP+CPDF+GD+Openlink, to get
everything to compile without errors I can't use bleeding edge
releases. I'm
running Apache 1.2.13 and PHP 4.0.0 because they are rock solid
for me. CPDF
and GD compile best against PHP 4.0.0, and Openlink compiles best
Hi,
Can you try changing these two lines:
# What Ciphers are allowed
#SSLCipherSuite
ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCipherSuite
ALL:!ADH:!RC4-MD5:!EXP-DES-CBC-SHA:!EXP-RC4-MD5:!EXPORT56:!EXP56:R
C4+RSA:+HI
GH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
#
Yes.
https://www.centromultimediale.it
I'll post a zip file to test the download. I'll repost on this mail asap.
Do you think that using Pragma: no-cache can cause this beavior?
I found on
MS site that IE can have problems on temp saving any file you try to
download over SSL... :(
I'll
Well, if it doesn't like them inside of the virtual host, put them outside.
;-)
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Erik Boles
Sent: Thursday, May 03, 2001 7:38 AM
To: [EMAIL PROTECTED]
Subject: RE: Strange problem with IE5.0 and
Can you post your entire mod_ssl configuration? This is difficult to
diagnose without seeing.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Erik Boles
I have read several FAQ's and done some research regarding the problem IE
5.0 has with
-Agent .*MSIE.* nokeepalive ssl-unclean-shutdown
CustomLog /var/log/httpd/ssl_request_log \
%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \%r\ %b
/VirtualHost
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of David Rees
Sent: Wednesday, May 02
You should be able to do something like this assuming that Windows has dbm
support:
SSLSessionCache dbm:c:/apache/ssl_cache
SSLSessionCacheTimeout 600
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Friday, May 25, 2001 1:42
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Diana Shepard
I've successfully built Apache 1.3.12 with mod_ssl 2.6.4-1.3.12
and OpenSSL via the JOE AVERAGE mod_ssl INSTALL
instructions. That INSTALL document says You...get no
intermediate
We're going to need more details on what software you're using.
But based on my experiments, the item to make the biggest change in
performance is the version of OpenSSL that you're using, and how it's
compiled. You need to make sure that you're using a recent version of
OpenSSL (preferably
There's a better way than all of these. ;-)
Check out cronolog, it'll automatically rotate files for you on either a
daily, monthly or yearly basis so you don't have to HUP the server
yourself after moving the log files..
http://www.ford-mason.co.uk/resources/cronolog/
-Dave
On Mon, Apr 09,
On Fri, Apr 06, 2001 at 11:15:16AM -0700, Tony Hunter wrote:
I've been able to build apache_1.3.19/mod_ssl-2.8.2 on a RedHat 6.2
system with the perl rpm version above. The modssl docs tell me
perl 5.60 is *required*. Am I missing any functionality or likely
to encounter problems staying
On Fri, Apr 06, 2001 at 05:52:44AM -0400, kreso wrote:
I have seen this error reported many times in the archive, but not really
solved.
Is it solved?
We are using
mod_ssl/2.6.6
openssl 0.9.6.a
Apache 1.3.19
We get this error:
[Thu Apr 5 02:25:00 2001] [error] mod_ssl: SSL handshake
You need to redirect them to https if they're connecting on port 80.
This was discussed in detail a little while back, check the list archives.
Something simple like:
Redirect /securedir https://myserver/securedir
Should do the trick for you.
-Dave
On Fri, Apr 06, 2001 at 12:27:30PM +0200,
What versions of MSIE, and what are the exact problems you are experiencing?
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of kreso
Sent: Friday, April 06, 2001 4:40 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL handshake interrupted
Hello,
It really sounds like keepalive is turned on. Can you verify that keep
alive is turned off? Disable keepalive for the entire server if need be.
I'm using MSIE 5.50.4522.1800 (128bit) here, and I've never had problems
connecting.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
On Wed, Apr 04, 2001 at 10:03:39AM +0100, [EMAIL PROTECTED] wrote:
A little while ago, I asked the question: which versions of which browsers
will be adversely affected by
"!EXPORT56"? In other words, who will get a 40-bit connection when they
expected a 56-bit connection? I haven't seen as
The problem seems to be that even with the IE workarounds, MSIE still does
not like to connect when using a self-signed certificate.
If you go out and buy a certificate, it should work (Verisign has a free
trial cert if you just want to test it)
-Dave
-Original Message-
From: [EMAIL
On Fri, Mar 30, 2001 at 02:17:25PM -0800, Corey Adam Baye wrote:
On Fri, 30 Mar 2001, Aage J. Skjolingstad wrote:
Hi All,
When crond is log rotating (crond.weekly) - httpd feil to start up
again. I'm running RH 7.0 with Apache/1.3.14 (Unix) (Red-Hat/Linux)
mod_ssl/2.7.1
If you simply take out the !EXPORT56, you'll most likely find is that most
likely the same 56-bit IE users now can't connect to the side at all.
Take your pick: A warning, or no connection at all. :-(
Taking a look at the Thawte site and their FAQ about Super Certs, it seems
that you can
On Thu, Mar 29, 2001 at 08:47:29AM -0800, David Rees wrote:
Taking a look at the Thawte site and their FAQ about Super Certs, it seems
that you can disable only these ciphers and get the broken MSIE clients to
work:
DES-CBC-SHA, DES-CBC-MD5, EDH-RSA-DES-CBC-SHA, EDH-DSS-DES-CBC-SHA
You are correct!
You can virtual host SSL sites with separate IP addresses just fine.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of George Walsh
In my case, I have the option of IP aliasing, so it would seem I
simply have to establish a
This is a bug in in jakarta-tomcat, not mod_ssl.
It is fixed in the latest beta release, you might want to try that if you
can't wait for jakarta-tomcat 3.2.2.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Wolle
Hello ,
I have wrote some
: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Wolle
no ,sorry
I've installed the know the Tomcat 3.2.2b2 an the same procedure..
But all of that, the dispatcher is much faster when you run the
servlet first
;-)
David Rees wrote:
This is a bug in in jakarta-tomcat, not mod_ssl
?
Thanks,
max
-Original Message-
From: David Rees [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 22, 2001 1:12 PM
To: [EMAIL PROTECTED]
Subject: RE: Which SSLSessionCache to use for best performance?
Hi Max,
-Original Message-
From: [EMAIL PROTECTED]
[mailto
Please read the FAQ.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC47
This question comes up so often it should be in the .sig of the list!
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Benjamin Collar
Hi,
I'm new to ssl and am having
Yeah, for some reason, the mod_perl config/install wasn't passing the
EAPI_MM environment variable to Apache for configuration, so Apache didn't
know it was available for configuration when building.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf
Take a look at the program siege, (search on freshmeat.net), it benchmarks
web servers over SSL pretty well.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Jeffrey Burgoyne
People;
Is anyone aware of a tool like apache bench (ab) for
Hi Max,
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Max Clark
Hi all.
I have been tuning my web farm (for the past 6 months now), and
have had the
typical MSIE SSL issues along the way. I stumbled across a post today
regarding the
Your configuration looks good, but I'm pretty sure
that --enable-rule=SSL_EXPERIMENTAL should be part of your APACI_ARGS when
configuring mod_perl, not when configuring mod_ssl.
Of course, if it works, maybe Ralf moved shmcb out of the SSL_EXPERIMENTAL
code? I'll have to look at the source to
It sounds like you are not running "apachectl startssl", and just running
"apachectl start".
Personally, I've found those IfDefine SSL statements a PITA.
What I do is replace all IfDefine SSL statements with IfModule
mod_ssl.c, except for the ones around the mod_ssl LoadModule and AddModule
You definately don't need to be running both sslstart and then start, just
running sslstart should start up both http and https servers running on port
80 and 443.
You should have these statements in your httpd.conf
Port 80
IfDefine SSL
Listen 80
Listen 443
/IfDefine
If not, something else
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Thorpe
lots of good info snipped
Thanks for the lowdown on both session caches, Geoff.
It really seems to me that at this point, the shmcb cache should no longer
be part of the SSL_EXPERIMENTAL
on-line systems.
stunnell seems workable. Year end hours must make my brain fuzzy because I
should have thought of that.
I also considered putting SSL into the ab program itself. It doesn't
actually look that hard to do.
Jeff
On Thu, 22 Mar 2001, David Rees wrote:
Take a look
Did you read the FAQ or search the mail archives? Your question is
answered multiple times.
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
http://marc.theaimsgroup.com/?l=apache-modsslr=1w=2
-Dave
On Fri, Mar 16, 2001 at 10:18:44AM -0500, Joel Helbling wrote:
I am using mod_ssl
This looks very much like the standard MSIE IO exceptions. Here's how to
fix it:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC49
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, March 12, 2001 8:15 AM
To:
Do you also have a SSLSessionCache defined? Many MSIE clients will
break without it.
-Dave
On Fri, Mar 02, 2001 at 03:41:04PM +0100, [EMAIL PROTECTED] wrote:
Full_Name: Martin Dickau
Version: 2.7.2.2
OS: Windows 2000
Submission from: (NULL) (216.57.24.244)
We are experiencing an MSIE
On Sat, Mar 10, 2001 at 09:35:25AM +, Jonathan Shahariw wrote:
On certain versons of MSIE (ie, 5.0) The browser cant find a connection
with the server but with netscape it works?? What could be the cause?
Did you read the FAQ?
http://www.modssl.org/docs/2.6/ssl_faq.html#ToC48
-Dave
On Sat, Mar 10, 2001 at 11:00:57AM +0100, Mads Toftum wrote:
On Sat, Mar 10, 2001 at 09:35:25AM +, Jonathan Shahariw wrote:
On certain versons of MSIE (ie, 5.0) The browser cant find a connection
with the server but with netscape it works?? What could be the cause?
See the FAQ:
On Wed, Feb 28, 2001 at 02:16:54PM +, Malay Shah wrote:
Hi, I'm using modssl 2.8.0 and apache 1.3.17 with php 4.0.4pl1 and SSL
doesn't work. Port 443 is open and Apache is configured properly but it has
something to do with PHP because when I remove the PHP module, everything
works
On Wed, Feb 28, 2001 at 10:46:45AM -0500, Dan Delaney wrote:
Hi all. What is the most common setup for having a normal server and
a secure server on the same machine? Should I just have one instance
of Apache running with a virtual domain that handles the https://
connections? or should I
On Wed, Feb 28, 2001 at 02:16:54PM +, Malay Shah wrote:
Hi, I'm using modssl 2.8.0 and apache 1.3.17 with php 4.0.4pl1 and SSL
doesn't work. Port 443 is open and Apache is configured properly but it has
something to do with PHP because when I remove the PHP module, everything
works
Chris,
If you don't have a SSLSessionCache defined, some versions of MSIE WILL
break. This Mac that you're using is probably one of them.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Christian Jrges
Sent: Tuesday, February 27, 2001 10:27
Interesting. I usually use the default options when compiling OpenSSL
(./config ; make ; make test), I guess this results in OpenSSL not building
the shared libraries in the first place. Then when mod_ssl gets built, it
links with the static libraries.
I think that you could specify the
It could be done using mod_proxy, although I've never done it myself.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Could apache be running on a computer, while mod_ssl,OpenSSL running
on another? How to do it?
It's
On Thu, Feb 22, 2001 at 07:50:01PM -0700, The Doctor wrote:
I am using FreeBSD 4.2 with apache 1.3.17 + mod_ssl 2.8.0 et al.
lynx-ssl can see the site http://seucre.bigbenhosting.com but not
netscep or MSIE.
I do a debug and get the following:
snip
I tried connecting with Netscape
Are you using Netscape?
Did you check the FAQ?
http://www.modssl.org/docs/2.6/ssl_faq.html#ToC49
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of tc lewis
Sent: Wednesday, February 21, 2001 6:52 PM
To: [EMAIL PROTECTED]
Subject: Re:
signing.
so if i have 2 sites under the same second-level domain name, i can't
switch back and forth between them in netscape without clearing the cert
each time?
that kind of sucks.
-tcl.
On Wed, 21 Feb 2001, David Rees wrote:
Are you using Netscape?
Did you check the FAQ
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Alexander Burke
snip
Also, I scrubbed the mod_ssl FAQ and found this gem, which seemed to
pinpoint the issue to a tee:
http://www.modssl.org/docs/2.3/ssl_faq.html#io-ie
I reconfigured Apache as
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mark Morrill
Sent: Thursday, February 22, 2001 5:41 PM
I revisited the FAQ and re-reread the list archives. I tried a
few things.
A few things from the FAQ actually made things worse! :)
Can you
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Alexander Burke
Sent: Thursday, February 22, 2001 6:23 PM
To: [EMAIL PROTECTED]
Subject: RE: Solved: Intermittent "Data Encryption Error" on IE or
"Network IOError" on Netscape
Blast! That Ctrl-E
A few observations:
At http://www.modssl.org/docs/2.7/ssl_faq.html#io-ie, the use of
!EXPORT56
is suggested to pacify IE. However, at
http://www.modssl.org/docs/2.7/ssl_reference.html#ToC9, EXPORT56 is not
listed, but EXP56 is.
The output of:
openssl ciphers -v
I solved the problem with some debugging, but I'd still like to
know why the
problem occurred. Anyone have a clue?
snip
Have I found a bug of some kind? Or have I done something wrong? Apache is
now running with mod_ssl, but I'd sure like to know why I had to jump
through these hoops.
Hi Geoff,
Thanks for the info, should help future users.
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Geoff Fowler
Sent: Tuesday, February 13, 2001 9:47 AM
To: '[EMAIL PROTECTED]'
Subject: RE: RE: SSL-induced loading errors
Hi Dave,
isign Requires?"We're
not requiring anything on the server side 'except' the certificate request
file?
-Original Message-----
From: David Rees [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 09, 2001 4:00 PM
To: [EMAIL PROTECTED]
Cc: Ralf S. Engelschall
Subject: RE: RE: R
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC48
-Dave
-Original Message-From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Matthias PreiszlSent: Friday, February 09, 2001 6:59
AMTo: [EMAIL PROTECTED]Subject: standard
shutdown
can anybody solve my problem?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Kestner
Sent: Friday, February 09, 2001 9:49 AM
To: [EMAIL PROTECTED]
Subject: SSL-induced loading errors
(mod_ssl 2.8.0-1.3.17 on Unix)
I'm getting desperate -- the site rolls out today. I'm
[EMAIL PROTECTED] writes:
Can you post the config for your SSL virtual host without comments?
Actually, I just tried adding:
SSLRequire %{SSL_CIPHER} = 128
And it appears to work on just about every new and old browser/platform!
Hope this helps some future newbie...
Even on non-128
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of John Kestner
[EMAIL PROTECTED] writes:
Actually, I just tried adding:
SSLRequire %{SSL_CIPHER} = 128
And it appears to work on just about every new and old
browser/platform!
Hope this helps
Curious, according to the docs, it shouldn't allow those browsers to
connect. Are you using one of the step-up certificates from Verisign?
So I'm told by the guy who acquired our certificates from Verisign. How do
I tell?
I'm not sure, does anyone else know?
Do you also have the
What version(s) of MSIE? Is the server publicly accessible? Are MSIE users
actually reporting problems, or do you just see this messages in the log?
Will you try with "SSLProtocol all" instead of "SSLProtocol all -SSLv3"?
-Dave
-Original Message-
From: [EMAIL PROTECTED]
Why are you building with such an old version of mod_ssl/Apache? More than
likely, the version of OpenSSL you are using (0.9.5a) is not compatible with
mod_ssl 2.4.10.
Can you use the latest versions of each? Apache 1.3.17, mod_ssl 2.8.0 and
OpenSSL 0.9.6?
Otherwise you'll have to find out
it to 1.3.17.
From: "David Rees" [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
Date: Wed, 7 Feb 2001 13:46:26 -0800
To: [EMAIL PROTECTED]
Subject: RE: error 2 and strange errors occuring with mod_ssl
Why are you building with such an old version of
mod_ssl/Apache? More tha
On Sat, Feb 03, 2001 at 03:47:02PM -0600, James Hastings-Trew wrote:
I am trying to establish a secure server using Apache on RedHat 7. I am
using OpenSSL 0.9.5a (the most current RPM available at RedHat)
I have tried the various Apache httpd.conf tricks noted at:
On Sat, Feb 03, 2001 at 04:36:07PM -0600, James Hastings-Trew wrote:
Thank you for your help. :) I am happy to say, that I *finally* managed to
get the silly thing working, and I am going home now to nurse my aching head
and sour stomach (nasty cold bug going around). The thing that did the
Check the FAQ, and let us know if you still have problems:
http://www.modssl.org/docs/2.8/ssl_faq.html#ToC48
-Dave
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of ACroft
Sent: Friday, February 02, 2001 10:19 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL
On Wed, Jan 17, 2001 at 12:20:44AM +0100, Jan Dries wrote:
Oops, I just typed the version number from the original mail. Anyway,
when I built the new 2.7.1 (tarball from
www.modssl.org/source/mod_ssl-2.7.1-1.3.14.tar.gz) on a clean Apache
1.3.14 (tarball from the Apache
Whoa, just realized that I posted to a message that just got to my mailbox
10 days late. Was there some issue which prevented some mails to the list
from being distributed in a reasonable time frame?
-Dave
On Sun, Jan 28, 2001 at 12:33:14AM -0800, David Rees wrote:
On Wed, Jan 17, 2001
1 - 100 of 279 matches
Mail list logo