On Fri, Oct 01, 1999, Loic Guilmard wrote:
> Slackware 4.0 (noyau 2.1.11)
> glibc 2.0.7
> gcc 2.7.2.3
> Apache 1.3.9 + mod ssl 2.4.4 + php 3.0.12+mod perl 1.21
>
> Everything seems to be ok ! (make certificate done with DSA)
> apachectl startssl => ok
> when I connect to https://secured-host with communicator 4.51 or 4.61,
> I've got the following message :
> Netscape and this server cannot communicate securely because they have
> no common encryption algorithm(s).
>
> Where is my error ?
There is no error, just the fact that Netscape doesn't support DH/DSA based
ciphers. For mod_ssl 2.4.5 I've now added a warning to the "make certificate"
procedure which should make it clear that a DSA-only server is still useless
until the browser vendors add DSA support:
| echo "${T_MD}WARNING!${T_ME} You're generating a DSA based certificate/key pair."
| echo " This implies that RSA based ciphers won't be available later,"
| echo " which for your web server currently still means that mostly all"
| echo " popular web browsers cannot connect to it. At least not until"
| echo " you also generate an additional RSA based certificate/key pair"
| echo " and configure them in parallel."
Ralf S. Engelschall
[EMAIL PROTECTED]
www.engelschall.com
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
