I successfully installed Apache+mod_ssl+php (opensa 0.20) on a Win NT box
and installed a Verisign Global Server ID Certificate (SGC).
Everything works fine, except when dealing with the Netscape international
release (yes, even the last 4.72), which stops, saying that there is a network error.
Looking at the engine.log I found the following lines:
[01/Jun/2000 16:49:36 00088] [info] Server: OpenSA/0.20 Apache/1.3.12, Interface: mod_ssl/2.6.2, Library:
OpenSSL/0.9.5
[01/Jun/2000 16:49:36 00088] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially
supported. Use it at your own risk!
[01/Jun/2000 16:49:36 00088] [info] Init: 1st startup round (still not detached)
[01/Jun/2000 16:49:36 00088] [info] Init: Initializing OpenSSL library
[01/Jun/2000 16:49:36 00088] [info] Init: Loading certificate & private key of SSL-aware server
www.mydomain.com:443
[01/Jun/2000 16:49:36 00088] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:36 00088] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring server www.mydomain.com:443 for SSL protocol
[01/Jun/2000 16:49:37 00088] [info] Init: (www.mydomain.com:443) RSA server certificate enables Server Gated
Cryptography (SGC)
[01/Jun/2000 16:49:37 00088] [info] Init: 2nd startup round (already detached)
[01/Jun/2000 16:49:37 00088] [info] Init: Reinitializing OpenSSL library
[01/Jun/2000 16:49:37 00088] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:37 00088] [info] Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:37 00088] [info] Init: Configuring server www.mydomain.com:443 for SSL protocol
[01/Jun/2000 16:49:38 00088] [info] Init: (www.mydomain.com:443) RSA server certificate enables Server Gated
Cryptography (SGC)
[01/Jun/2000 16:49:38 00165] [info] Server: OpenSA/0.20 Apache/1.3.12, Interface: mod_ssl/2.6.2, Library:
OpenSSL/0.9.5
[01/Jun/2000 16:49:38 00165] [warn] You are using mod_ssl under Win32. This combination is *NOT* officially
supported. Use it at your own risk!
[01/Jun/2000 16:49:38 00165] [info] Init: 1st startup round (still not detached)
[01/Jun/2000 16:49:38 00165] [info] Init: Initializing OpenSSL library
[01/Jun/2000 16:49:38 00165] [info] Init: Loading certificate & private key of SSL-aware server
www.mydomain.com:443
[01/Jun/2000 16:49:38 00165] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:38 00165] [info] Init: Generating temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Seeding PRNG with 136 bytes of entropy
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring temporary RSA private keys (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring temporary DH parameters (512/1024 bits)
[01/Jun/2000 16:49:39 00165] [info] Init: Initializing (virtual) servers for SSL
[01/Jun/2000 16:49:39 00165] [info] Init: Configuring server www.mydomain.com:443 for SSL protocol
[01/Jun/2000 16:49:40 00165] [info] Init: (www.mydomain.com:443) RSA server certificate enables Server Gated
Cryptography (SGC)
[01/Jun/2000 16:49:54 00165] [info] Connection to child 0 established (server www.mydomain.com:443, client
192.168.1.91)
[01/Jun/2000 16:49:54 00165] [info] Seeding PRNG with 1160 bytes of entropy
[01/Jun/2000 16:49:55 00165] [info] Connection: Client IP: 192.168.1.91, Protocol: SSLv3, Cipher: EXP1024-RC4-SHA
(0/0 bits)
[01/Jun/2000 16:49:55 00165] [info] Connection to child 0 closed with standard shutdown (server
www.mydomain.com:443, client 192.168.1.91)
The problem I think is in the line :
[01/Jun/2000 16:49:55 00165] [info] Connection: Client IP: 192.168.1.91, Protocol: SSLv3, Cipher: EXP1024-RC4-SHA
(0/0 bits)
which with 128 bit Netscape/MS IE browsers looks something like :
[01/Jun/2000 16:54:42 00207] [info] Connection: Client IP: 192.168.1.85, Protocol: SSLv3, Cipher: RC4-MD5 (128/128
bits)
and in this last case everything works fine.
I know that I have to deal with something in Apache's httpd.conf but I can't
figure out what to do.
My SSLCipherSuite directive looks like the following :
SSLCipherSuite ALL:!ADH:RC4+RSA:+SHA1:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
Is there anyone who can help me ?
Francesco D'Inzeo
WinTech S.r.l.
Via Lisbona 7
35127 PADOVA (Italy)
Tel. (+39)-(0)49-8703033
Fax. (+39)-(0)49-8703045
e-mail [EMAIL PROTECTED]
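
Added example, not part of the original post: a Python sketch that extracts the negotiated protocol, cipher and key size from mod_ssl engine.log "Connection:" entries like the two quoted above, rejoining lines that were wrapped, and flags export-grade or sub-128-bit sessions. The sample log is constructed from lines in the post; the function names and the 128-bit threshold are assumptions of this example.

```python
import re

# Constructed sample: Connection entries copied from the post, still wrapped.
SAMPLE_LOG = """\
[01/Jun/2000 16:49:55 00165] [info] Connection: Client IP: 192.168.1.91, Protocol: SSLv3, Cipher: EXP1024-RC4-SHA
(0/0 bits)
[01/Jun/2000 16:49:55 00165] [info] Connection to child 0 closed with standard shutdown (server
www.mydomain.com:443, client 192.168.1.91)
[01/Jun/2000 16:54:42 00207] [info] Connection: Client IP: 192.168.1.85, Protocol: SSLv3, Cipher: RC4-MD5 (128/128
bits)
"""

# A new entry starts with "[date time pid] [level] "; anything else is a wrap.
ENTRY_START = re.compile(r"^\[\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2} \d+\] \[\w+\] ")
CONNECTION = re.compile(
    r"Connection: Client IP: (?P<ip>\S+), Protocol: (?P<proto>\S+), "
    r"Cipher: (?P<cipher>\S+) \((?P<used>\d+)/(?P<total>\d+) bits\)"
)
MIN_BITS = 128  # assumed threshold, matching the 128-bit case in the post


def unwrap(text):
    """Join continuation lines (no timestamp prefix) onto the entry before them."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ENTRY_START.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries


def negotiated_ciphers(text):
    """Return one dict per Connection entry, with the reasons it was flagged."""
    results = []
    for entry in unwrap(text):
        m = CONNECTION.search(entry)
        if not m:
            continue
        used = int(m.group("used"))
        reasons = []
        if m.group("cipher").startswith("EXP"):  # OpenSSL export-suite naming
            reasons.append("export-grade suite")
        if used < MIN_BITS:
            reasons.append("%d bits reported" % used)
        results.append({"ip": m.group("ip"), "protocol": m.group("proto"),
                        "cipher": m.group("cipher"), "bits": used, "flags": reasons})
    return results
```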
