Problems with Verisign Global Server ID certificate & Netscape clients

Fri, 16 Jun 2000 00:36:36 -0700

Hi everyone on the list,
I' m new to this list so forgive me if my problem had already a
solution.

The problem (as in subject) concerns Netscape browsers exported
editions that try to connect to an Win NT Server Box equipped with
Apache/1.3.12, Interface: mod_ssl/2.6.2, Library: OpenSSL/0.9.5
and Verisign Global Server ID certs (server.key and server.crt).

As mentioned in the mod_ssl README.GlobalID Netscape browsers
has to step up from a 40 bit EXP-RC4-MD5 to the stronger 128 bit
RC4-MD5, but on the browser side an error window appears telling
about a Network Error and on the Apache engine log,put in trace
mode, the following lines are generated:

[15/Jun/2000 10:18:34 00270] [info] Connection to child 0 established (server www.myserv.it:443, client
192.168.1.128)
[15/Jun/2000 10:18:34 00270] [info] Seeding PRNG with 1160 bytes of entropy
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Handshake: start
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: before/accept initialization
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write certificate A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server done A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 flush data
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read finished A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write finished A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 flush data
[15/Jun/2000 10:18:34 00270] [trace] Inter-Process Session Cache: request=SET status=OK
id=C0595B369C0126F6782BF20E3B8112EA16F0AA1B2DEAB5C2DA6773F5103D95D3 timeout=300s (session caching)
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Handshake: done
[15/Jun/2000 10:18:34 00270] [info] Connection: Client IP: 192.168.1.128, Protocol: SSLv3, Cipher: EXP-RC4-MD5
(40/128 bits)
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Handshake: start
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: before accept initialization
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write certificate A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server done A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 flush data
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Exit: error in SSLv3 read certificate verify A
[15/Jun/2000 10:18:34 00270] [info] Connection to child 0 closed with standard shutdown (server www.myserv.it:443,
client 192.168.1.128)

Trying the same with a RH 6.0 Linux Box whith same configuration:
Apache 1.3.12 + Mod_SSL 2.6.2 + PHP4 +OpenSSL 0.9.5 everything works fine.

What's happening ???

Regards

   -------------------------------------------
   Francesco D'Inzeo
   WinTech S.r.l.
   Via Lisbona 7
   35127 PADOVA (Italy)
   Tel. (+39)-(0)49-8703033
   Fax. (+39)-(0)49-8703045
   e-mail [EMAIL PROTECTED]

Reply via email to