Note that you will see some EOFs in the log files that are normal and aren't due to failures. I see them all the time because we're using client certs -- MSIE makes a connection, realizes the server wants a client cert, cuts the conn (EOF), asks the user which client cert they want to use, then makes a fresh connection. There are other events that can cause an EOF; one of them I think is when a client is using SSLv3 or TLS but doesn't follow the SSL close protocol specified and instead just closes the socket.
/s.
On Tuesday, March 11, 2003, at 12:01 PM, William Scott Jordan wrote:
So I switched session caching on last night and when I checked the logs this morning, I see that there were a couple of new EOF during SSL handshake errors. Checking the access log, it looks like something funny was going on; Non-existent files being accessed and such. I think Dossy might be right about this being from the SSL exploits. Hopefully, turning on session caching fixed the real problem and now I'm just seeing the results of some idiots mucking about.
Scott
At 09:57 PM 3/10/2003 -0800, you wrote:I'll give this a shot. Thanks for the assistance.
Scott
At 11:42 PM 3/10/2003 -0600, you wrote:Turn it on, always, always, always have session caching on, or SSL to certain MSIE browser versions will fail in the way you're seeing. I've just updated the nsopenssl config examples at my site to reflect this.
nsopenssl 3.0 will have session caching turned on by default, so that if you want it turned off you'll have to explicitly do so.
/s.
On Monday, March 10, 2003, at 11:32 PM, William Scott Jordan wrote:
ServerSessionCache is set to false.
Scott
At 11:12 PM 3/10/2003 -0600, you wrote:Do you have session caching turned on?
/s.
On Monday, March 10, 2003, at 11:00 PM, William Scott Jordan wrote:
I'm running AOLServer 3.4 with OpenSSL 0.9.6 and nsopenssl 2.2b4 on Redhat 7.0 and I'm getting this error quite a bit:
Error: nsopenssl: EOF during SSL handshake
I have no idea what's causing it and I can't recreate it. When it happens, it gives the end user a "Server Error" message. Reloading the same page never causes the problem a second time. I really don't even know whether it's a problem with AOLServer, a configuration issue, or a problem with OpenSSL.
Has anybody seen this before or have any idea of how to correct it? Any advice would be appreciated.
Scott
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/
I. To remove yourself from this list:
Send a message to "[EMAIL PROTECTED]" with the following text in the BODY of your message:
signoff aolserver
II. For a complete list of listserv options please visit:
http://listserv.aol.com/
III. For more AOLserver information please visit:
http://www.aolserver.com/