Hello,
First of all, sorry for opening this discussion again!
But I want to ask a very precise question:
I use SLCipherSuite NULL-MD5 (nothing else).
Using an RSA Key/Cert it works:
Init: Configuring server p24958:9443 for SSL protocol
Init: (p24958:9443) Creating new SSL context (protocols: SSLv3)
Init: (p24958:9443) Configuring permitted SSL ciphers [NULL-MD5]
Init: (p24958:9443) Configuring RSA server certificate
[...]
Connection: Client IP: 155.56.94.132, Protocol: SSLv3, Cipher: NULL-MD5 (0/0
bits)
Using a DSA Key/Cert it does not work:
Init: Configuring server p24958:9443 for SSL protocol
Init: (p24958:9443) Creating new SSL context (protocols: SSLv3)
Init: (p24958:9443) Configuring permitted SSL ciphers [NULL-MD5]
Init: (p24958:9443) Configuring DSA server certificate
[...]
SSL handshake failed (server p24958:9443, client 155.56.94.132) (OpenSSL
library error follows)
OpenSSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
[Hint: Too restrictive SSLCipherSuite or using DSA server certificate?]
>From my point of view there is no reason why NULL-MD5 should not be a shared
cipher in both cases (RSA and DSA).
Furthermore I think in my example there is no chance for the web browser to
recognize the web server's key type (RSA and DSA).
Please correct me if I am wrong, but I can only think of a mod_sll or
open_ssl problem.
Any help is very appreciated.
Regards,
Maik
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
