Dear modssl Users,
I'm trying to get MSIE and Netscape to work with Verisign's Secure
Server ID at 128 bit encryption. I don't understand why it does not work,
although I'm following the instructions in the howto at www.modssl.org.
The browsers negotiate only at EXP-RC4-MD5, or if I want them to use only
HIGH encryption, apache-modssl denies all connections to the specified
directory, even if I'm trying to connect with the fortified Netscape.
My config is:
Apache 1.3.9
mod_ssl-2.4.6-1.3.9
I have tried:
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
and in the Directory directive I have stated:
SSLRequire %{SSL_CIPHER_USEKEYSIZE} >= 128
In this case no browsers could communicate with the server.
I think there may be two reasons why:
1. The expression is bad (I don't think so)
2. The browser does not understand Verisign's signature well. (??)
In either case I don't know what to do. Here is a snippet from the
logfile, when sslenginelog was set to trace state.
[28/Mar/2000 14:25:48 13595] [info] Init: 17nd restart round (already detached)
[28/Mar/2000 14:25:48 13595] [info] Init: Seeding PRNG with 1032 bytes of entropy
[28/Mar/2000 14:25:48 13595] [info] Init: Initializing (virtual) servers for SSL
[28/Mar/2000 14:25:48 13595] [info] Init: Configuring server myserver:443 for SSL protocol
[28/Mar/2000 14:25:48 13595] [trace] Init: (myserver:443) Creating new SSL context (protocols: SSLv2, SSLv3, TLSv1)
[28/Mar/2000 14:25:48 13595] [trace] Init: (myserver:443) Configuring permitted SSL ciphers [ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL]
[28/Mar/2000 14:25:48 13595] [trace] Init: (myserver:443) Configuring RSA server certificate
[28/Mar/2000 14:25:48 13595] [info] Init: (myserver:443) RSA server certificate enables Server Gated Cryptography (SGC)
[...]
[28/Mar/2000 14:25:55 24600] [trace] OpenSSL: Handshake: done
[28/Mar/2000 14:25:55 24600] [info] Connection: Client IP: 195.228.56.254, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[28/Mar/2000 14:25:56 24600] [info] Initial (No.1) HTTPS request received for child 0 (server myserver:443)
[28/Mar/2000 14:25:56 24600] [info] Access to /var/www/full/Index.jsp denied for 195.228.56.254 (requirement expression not fulfilled)
[28/Mar/2000 14:25:56 24600] [info] Failed expression: %{SSL_CIPHER} in {"%{SSL_CIPHER_USEKEYSIZE}", ">=", "128"}
[28/Mar/2000 14:25:56 24600] [trace] OpenSSL: Write: SSL negotiation finished successfully
Any help would be highly appreciated.
Best regards,
--Rp.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
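
The Connection line in the log above reports the cipher's key size as used bits/algorithm bits, and the SSLRequire expression in the post compares against the used bits. As an added example (not part of the original message and not mod_ssl code), this Python script parses such engine-log lines, flags connections whose used key size is below a minimum, and pairs them with later denials logged by the same child process. The function name analyze and the second connection in the sample (pid 24601, 192.0.2.10) are constructed for illustration.

```python
import re

# Log excerpt from the post above with wrapped lines rejoined; the final
# connection (pid 24601, 192.0.2.10) is constructed for contrast.
SAMPLE_LOG = """\
[28/Mar/2000 14:25:55 24600] [trace] OpenSSL: Handshake: done
[28/Mar/2000 14:25:55 24600] [info] Connection: Client IP: 195.228.56.254, Protocol: SSLv3, Cipher: EXP-RC4-MD5 (40/128 bits)
[28/Mar/2000 14:25:56 24600] [info] Access to /var/www/full/Index.jsp denied for 195.228.56.254 (requirement expression not fulfilled)
[28/Mar/2000 14:26:10 24601] [info] Connection: Client IP: 192.0.2.10, Protocol: SSLv3, Cipher: RC4-MD5 (128/128 bits)
"""

# "[date time pid] [level] message"
PREFIX = re.compile(r"^\[(?P<ts>[^\]]+?) (?P<pid>\d+)\] \[(?P<level>\w+)\] (?P<msg>.*)$")
CONN = re.compile(r"Connection: Client IP: (?P<ip>\S+), Protocol: (?P<proto>\S+), "
                  r"Cipher: (?P<cipher>\S+) \((?P<use>\d+)/(?P<alg>\d+) bits\)")
DENIED = re.compile(r"Access to (?P<path>\S+) denied for (?P<ip>\S+)")

def analyze(log_text, min_bits=128):
    """Return one record per connection: cipher, key sizes, whether the bits
    actually used meet min_bits, and any paths denied on that connection."""
    sessions = {}   # pid -> most recent connection handled by that child
    records = []
    for line in log_text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        c = CONN.search(msg)
        if c:
            rec = {"pid": pid, "ip": c["ip"], "protocol": c["proto"],
                   "cipher": c["cipher"], "use_bits": int(c["use"]),
                   "alg_bits": int(c["alg"]), "denied": []}
            rec["meets_minimum"] = rec["use_bits"] >= min_bits
            sessions[pid] = rec
            records.append(rec)
            continue
        d = DENIED.search(msg)
        # Attribute a denial to the connection last seen on the same child.
        if d and pid in sessions and sessions[pid]["ip"] == d["ip"]:
            sessions[pid]["denied"].append(d["path"])
    return records

if __name__ == "__main__":
    for r in analyze(SAMPLE_LOG):
        status = "ok" if r["meets_minimum"] else "BELOW MINIMUM"
        print(f'{r["ip"]} {r["protocol"]} {r["cipher"]} '
              f'{r["use_bits"]}/{r["alg_bits"]} bits {status} denied={r["denied"]}')
```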