Re: somebody shoot me, please

Wed, 15 Nov 2000 14:35:15 -0800 

Have you tried not loading the chain file and commentint out the 
SSLCipherSuite stuff? 
Austin 

>>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<

On 11/15/00, 4:15:59 PM, Brendon Maragia <[EMAIL PROTECTED]> wrote 
regarding Re: somebody shoot me, please:


> Thanks for the idea, Dan but it didn't work :( .   Anybody else have any

> suggestions?  This is getting to be ridiculous lol :(  Am I doomed?  Am
> I
> going to have to use Apache-SSL?  Ahh god please say no!!!


> >From: Dan Roscigno <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: somebody shoot me, please
> >Date: Wed, 15 Nov 2000 08:05:00 -0800 (PST)
> >
> >
> >I think you might need to limit the ciphers you accept.  To get all of
> my
> >(known) clients working I wathed my logs to see what cipher was being
> used
> >by the clients which failed and then removed that from the list (with a
> >`!').  Here is what I ended up with:
> >
> >SSLCipherSuite
> >!EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+ME
> DIUM:+LOW:+SSLv2:+EXP:+eNULL
> >
> >The EXP1024-* ciphers were my problems.
> >
> >Dan Roscigno   [EMAIL PROTECTED]
> >(425)864-5540
> >
> >On Wed, 15 Nov 2000, Brendon Maragia wrote:
> >
> > > First i'd like to thank everyone for their advice about my MOD_SSL +

> >MSIE5.x
> > > problem.  I recompiled everything WITHOUT rsaref-2.0 and I still
> cannot
> >get
> > > a connection with MSIE5.5 only MSIE4.0 & 5.0.  Heres a quick run
> down of
> > > what i'm running and the virtual host i'm trying to connect to...
> > >
> > > apache_1.3.14
> > > mod_ssl-2.7.1-1.3.14
> > > openssl-0.9.6
> > >
> > > My Virtual Host:
> > >
> > > <VirtualHost 216.186.181.230:443>
> > > DocumentRoot /home/commaflex/public_html/checkout
> > > ServerAdmin [EMAIL PROTECTED]
> > > ServerName checkout.commaflex.com
> > > ErrorLog /home/commaflex/public_html/checkout/.error.log
> > > TransferLog /home/commaflex/public_html/checkout/.transfer.log
> > > SSLEngine on
> > >
> > > SSLCertificateFile
> > > /usr/local/ssl.keys/checkout.commaflex.com/ssl.csr/server.crt
> > >
> > > SSLCertificateKeyFile
> > > /usr/local/ssl.keys/checkout.commaflex.com/ssl.key/server.key
> > >
> > > SSLCipherSuite
> ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> > >   SSLCertificateChainFile
> > > /usr/local/ssl.keys/checkout.commaflex.com/ssl.crt/ca.crt
> > >
> > > <Files ~ "\.(cgi|shtml)$">
> > >   SSLOptions +StdEnvVars
> > > </Files>
> > > <Directory "/usr/local/apache/htdocs/cgi-bin">
> > >   SSLOptions +StdEnvVars
> > > </Directory>
> > >
> > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> > > downgrade-1.0 force-response-1.0
> > >
> > > CustomLog /var/log/apache_ssl_request_log \
> > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > > SSLLogLevel debug
> > > </VirtualHost>
> > >
> > > ...I've checked all my logs upon trying to connect with MSIE5.0 and
> the
> > > server seems to execute a standard hand shake, and then gracefully
> >execute a
> > > standard shutdown with no complaints.
> > >
> > > All I get from MSIE5.x is "Page Could Not Be Displayed".  Could
> someone
> > > pleassee pleaseee help :)
> > >
> > > Brendon
> > >
> >_______________________________________________________________________
> __
> > > Get Your Private, Free E-mail from MSN Hotmail at
> >http://www.hotmail.com.
> > >
> > > Share information about yourself, create your own public profile at
> > > http://profiles.msn.com.
> > >
> > >
> ______________________________________________________________________
> > > Apache Interface to OpenSSL (mod_ssl)
> www.modssl.org
> > > User Support Mailing List
> [EMAIL PROTECTED]
> > > Automated List Manager
> [EMAIL PROTECTED]
> > >
> >
> >______________________________________________________________________
> >Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> >User Support Mailing List                      [EMAIL PROTECTED]
> >Automated List Manager                            [EMAIL PROTECTED]

> ________________________________________________________________________
> _____________
> Get more from the Web.  FREE MSN Explorer download :
> http://explorer.msn.com

> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to