Thanks everyone for your suggestions :) but it's still not working :( I
will do anything to get this working :( Here is my new virtual host. I took
your suggestions to heart; however, some of them are giving me errors. For
instance, if I try to use strictly SSLv2 I get this error when trying to
connect with an MSIE5.x browser...
[error] OpenSSL: error:1407D0AF:SSL routines:SSL2_READ:non sslv2 initial packet
Here are some additional errors I've received when using SSLv3..
[error] OpenSSL: error:14094418:SSL routines:SSL3_READ_BYTES:tlsv1 alert unknown ca
OK, here is the most important part of my httpd.conf... again hehe
<IfDefine SSL>
Listen 216.186.181.230:443
NameVirtualHost 216.186.181.230:443
</IfDefine>
<VirtualHost 216.186.181.230:443>
DocumentRoot /home/commaflex/public_html/checkout
ServerAdmin [EMAIL PROTECTED]
ServerName checkout.commaflex.com
ErrorLog /home/commaflex/public_html/checkout/.error.log
TransferLog /home/commaflex/public_html/checkout/.transfer.log
SSLEngine on
SSLCertificateFile /usr/local/ssl.keys/checkout.commaflex.com/ssl.csr/server.crt
SSLCertificateKeyFile /usr/local/ssl.keys/checkout.commaflex.com/ssl.key/server.key
SSLCipherSuite !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateChainFile /usr/local/ssl.keys/checkout.commaflex.com/ssl.crt/ca.crt
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/usr/local/apache/htdocs/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
CustomLog /var/log/apache_ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
SSLLogLevel debug
</VirtualHost>
..I went ahead and 'deleted the SSLCertificateChainFile', 'deleted the
SSLCipherSuite', and changed it to SSLProtocol SSLv2, however all these
resulted in where errors :(. I would appreciate so very much any more
suggestions that anyone has.
P.S. With the virtual host configuration I'm using above, the server
reports NO errors; it completes the handshake successfully and then shuts
the connection, leaving me with a 'page cannot be displayed'.
brendon
>From: Austin Gonyou <[EMAIL PROTECTED]>
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Re: somebody shoot me, please
>Date: Wed, 15 Nov 2000 22:42:56 GMT
>
>Have you tried not loading the chain file and commenting out the
>SSLCipherSuite stuff?
>Austin
>
> >>>>>>>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
>
>On 11/15/00, 4:15:59 PM, Brendon Maragia <[EMAIL PROTECTED]> wrote
>regarding Re: somebody shoot me, please:
>
>
> > Thanks for the idea, Dan but it didn't work :( . Anybody else have any
> > suggestions? This is getting to be ridiculous lol :( Am I doomed? Am I
> > going to have to use Apache-SSL? Ahh god please say no!!!
>
>
> > >From: Dan Roscigno <[EMAIL PROTECTED]>
> > >Reply-To: [EMAIL PROTECTED]
> > >To: [EMAIL PROTECTED]
> > >Subject: Re: somebody shoot me, please
> > >Date: Wed, 15 Nov 2000 08:05:00 -0800 (PST)
> > >
> > >
> > >I think you might need to limit the ciphers you accept. To get all of my
> > >(known) clients working I watched my logs to see what cipher was being used
> > >by the clients which failed and then removed that from the list (with a
> > >`!'). Here is what I ended up with:
> > >
> > >SSLCipherSuite !EXP1024-RC4-SHA:!EXP1024-DES-CBC-SHA:ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> > >
> > >The EXP1024-* ciphers were my problems.
> > >
> > >Dan Roscigno [EMAIL PROTECTED]
> > >(425)864-5540
> > >
> > >On Wed, 15 Nov 2000, Brendon Maragia wrote:
> > >
> > > > First I'd like to thank everyone for their advice about my MOD_SSL + MSIE5.x
> > > > problem. I recompiled everything WITHOUT rsaref-2.0 and I still cannot get
> > > > a connection with MSIE5.5, only MSIE4.0 & 5.0. Here's a quick rundown of
> > > > what I'm running and the virtual host I'm trying to connect to...
> > > >
> > > > apache_1.3.14
> > > > mod_ssl-2.7.1-1.3.14
> > > > openssl-0.9.6
> > > >
> > > > My Virtual Host:
> > > >
> > > > <VirtualHost 216.186.181.230:443>
> > > > DocumentRoot /home/commaflex/public_html/checkout
> > > > ServerAdmin [EMAIL PROTECTED]
> > > > ServerName checkout.commaflex.com
> > > > ErrorLog /home/commaflex/public_html/checkout/.error.log
> > > > TransferLog /home/commaflex/public_html/checkout/.transfer.log
> > > > SSLEngine on
> > > >
> > > > SSLCertificateFile /usr/local/ssl.keys/checkout.commaflex.com/ssl.csr/server.crt
> > > >
> > > > SSLCertificateKeyFile /usr/local/ssl.keys/checkout.commaflex.com/ssl.key/server.key
> > > >
> > > > SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> > > > SSLCertificateChainFile /usr/local/ssl.keys/checkout.commaflex.com/ssl.crt/ca.crt
> > > >
> > > > <Files ~ "\.(cgi|shtml)$">
> > > > SSLOptions +StdEnvVars
> > > > </Files>
> > > > <Directory "/usr/local/apache/htdocs/cgi-bin">
> > > > SSLOptions +StdEnvVars
> > > > </Directory>
> > > >
> > > > SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
> > > >
> > > > CustomLog /var/log/apache_ssl_request_log \
> > > > "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> > > > SSLLogLevel debug
> > > > </VirtualHost>
> > > >
> > > > ...I've checked all my logs upon trying to connect with MSIE5.0 and the
> > > > server seems to execute a standard handshake, and then gracefully execute a
> > > > standard shutdown with no complaints.
> > > >
> > > > All I get from MSIE5.x is "Page Could Not Be Displayed". Could someone
> > > > pleassee pleaseee help :)
> > > >
> > > > Brendon
> > > >
> > > >
> > > > ______________________________________________________________________
> > > > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > > > User Support Mailing List [EMAIL PROTECTED]
> > > > Automated List Manager [EMAIL PROTECTED]
> > > >
> > >
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
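
Added example, not part of the original thread or of mod_ssl: one way to do the log check described in the quoted reply, by parsing lines in the CustomLog format from the posted config and listing ciphers negotiated only by clients known to fail. The sample log lines, the client addresses and the function names are constructed for illustration, and it assumes the failing clients' requests appear in that log and that you know which addresses they came from.

```python
import re
from collections import defaultdict

# Matches the CustomLog format in the posted config:
#   "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
LINE_RE = re.compile(
    r'^\[(?P<time>[^\]]+)\] (?P<host>\S+) (?P<proto>\S+) (?P<cipher>\S+) '
    r'"(?P<request>[^"]*)" (?P<size>\S+)$'
)

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
[15/Nov/2000:08:01:10 -0800] 192.0.2.10 TLSv1 EXP1024-RC4-SHA "GET / HTTP/1.1" -
[15/Nov/2000:08:01:42 -0800] 192.0.2.11 SSLv3 RC4-MD5 "GET / HTTP/1.0" 2326
[15/Nov/2000:08:02:05 -0800] 192.0.2.12 TLSv1 EXP1024-DES-CBC-SHA "GET /cart.cgi HTTP/1.1" -
[15/Nov/2000:08:02:30 -0800] 192.0.2.13 SSLv3 DES-CBC3-SHA "GET / HTTP/1.0" 2326
[15/Nov/2000:08:03:00 -0800] 192.0.2.10 TLSv1 EXP1024-RC4-SHA "GET / HTTP/1.1" -
this line is truncated and must be skipped
"""

def ciphers_by_host(log_text):
    """Map each client host to the set of (protocol, cipher) pairs it negotiated."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the format are skipped
            seen[m["host"]].add((m["proto"], m["cipher"]))
    return dict(seen)

def exclusion_candidates(log_text, failing_hosts):
    """Ciphers negotiated by failing clients and by no working client."""
    failing, working = set(), set()
    for host, pairs in ciphers_by_host(log_text).items():
        target = failing if host in failing_hosts else working
        target.update(cipher for _, cipher in pairs)
    return sorted(failing - working)

def with_exclusions(base_suite, ciphers):
    """Prefix a cipher string with `!name` entries, as described in the reply."""
    return ":".join([f"!{c}" for c in ciphers] + [base_suite])

if __name__ == "__main__":
    bad = exclusion_candidates(SAMPLE_LOG, {"192.0.2.10", "192.0.2.12"})
    print(with_exclusions("ALL:!ADH", bad))
```

A cipher that a working client also negotiated is never proposed for exclusion, so the result only narrows the list for clients that are already failing.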