We have a similar problem using . We use
Apache/1.3.12 (Win32) tomcat/1.0 mod_ssl/2.6.1 OpenSSL/0.9.5
We get
SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
in the log file when a Netscape client connects using a non-128-bit-capable
browser.
We use a chain file. All other clients are working fine (IE all versions and
Netscape 128-bit).
JF
----- Original Message -----
From: "John Siracusa" <[EMAIL PROTECTED]>
To: "Mod SSL" <[EMAIL PROTECTED]>
Sent: Tuesday, November 14, 2000 9:17 AM
Subject: Re: MOD_SSL + MSIE 5.x
> I have a similar problem. I'm using apache 1.3.14, openssl 0.9.6, and
> mod_ssl 2.7.1 on Solaris 2.7. Bone-stock config, but IE5 chokes (and IE4,
> actually). I searched and found the following suggested config changes:
>
> ---
>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>
> ---
>
> But that didn't help at all. I tried it with both a self-signed
> certificate and a legit VeriSign cert with all the correct info. All
> versions of Netscape work just fine with this setup. Frustrating.
>
> In the interest of completeness, an attempted connection from Mac IE5 is
> shown at the debug log level below:
>
> ---
>
> [13/Nov/2000 11:52:19 02090] [info] Server: Apache/1.3.14, Interface:
> mod_ssl/2.7.1, Library: OpenSSL/0.9.6
> [13/Nov/2000 11:52:19 02090] [info] Init: 1st startup round (still not
> detached)
> [13/Nov/2000 11:52:19 02090] [info] Init: Initializing OpenSSL library
> [13/Nov/2000 11:52:19 02090] [info] Init: Loading certificate & private key
> of SSL-aware server xxx.com:443
> [13/Nov/2000 11:52:19 02090] [info] Init: Requesting pass phrase via
> builtin terminal dialog
> [13/Nov/2000 11:52:22 02090] [trace] Init: (xxx.com:443) encrypted RSA
> private key - pass phrase requested
> [13/Nov/2000 11:52:22 02090] [info] Init: Wiped out the queried pass
> phrases from memory
> [13/Nov/2000 11:52:22 02090] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> [13/Nov/2000 11:52:22 02090] [info] Init: Generating temporary RSA private
> keys (512/1024 bits)
> [13/Nov/2000 11:52:35 02090] [info] Init: Configuring temporary DH
> parameters (512/1024 bits)
> [13/Nov/2000 11:52:35 02104] [info] Init: 2nd startup round (already
> detached)
> [13/Nov/2000 11:52:35 02104] [info] Init: Reinitializing OpenSSL library
> [13/Nov/2000 11:52:35 02104] [warn] Init: Session Cache is not configured
> [hint: SSLSessionCache]
> [13/Nov/2000 11:52:35 02104] [info] Init: Seeding PRNG with 136 bytes of
> entropy
> [13/Nov/2000 11:52:35 02104] [info] Init: Configuring temporary RSA private
> keys (512/1024 bits)
> [13/Nov/2000 11:52:35 02104] [info] Init: Configuring temporary DH
> parameters (512/1024 bits)
> [13/Nov/2000 11:52:35 02104] [info] Init: Initializing (virtual) servers
> for SSL
> [13/Nov/2000 11:52:35 02104] [info] Init: Configuring server xxx.com:443
> for SSL protocol
> [13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Creating new SSL
> context (protocols: SSLv2, SSLv3, TLSv1)
> [13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Configuring
> permitted SSL ciphers
> [ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP]
> [13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Configuring RSA
> server certificate
> [13/Nov/2000 11:52:35 02104] [trace] Init: (xxx.com:443) Configuring RSA
> server private key
> [13/Nov/2000 11:53:01 02105] [info] Connection to child 0 established
> (server xxx.com:443, client xxx.xxx.xxx.xxx)
> [13/Nov/2000 11:53:01 02105] [info] Seeding PRNG with 0 bytes of entropy
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Handshake: start
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: before/accept
> initialization
> [13/Nov/2000 11:53:01 02105] [debug] OpenSSL: read 11/11 bytes from
> BIO#00224B18 [mem: 0023DAF0] (BIO dump follows)
>
> +-------------------------------------------------------------------------+
> | 0000: 16 03 00 00 35 01 00 00-31 03                   ....5...1.       |
> | 000b - <SPACES/NULS>
> +-------------------------------------------------------------------------+
> [13/Nov/2000 11:53:01 02105] [debug] OpenSSL: read 47/47 bytes from
> BIO#00224B18 [mem: 0023DAFB] (BIO dump follows)
>
> +-------------------------------------------------------------------------+
> | 0000: bd ba 54 9f 7c 7a df e8-22 3b 8a c0 7a 40 90 22 ..T.|z..";..z@." |
> | 0010: 49 3e 9e 54 63 dc fe b7-55 40 ab 9f 4b 66 f3 1e I>.Tc...U@..Kf.. |
> | 0020: 00 00 0a 00 04 00 0a 00-09 00 03 00 06 01       ..............   |
> | 002f - <SPACES/NULS>
> +-------------------------------------------------------------------------+
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 read client hello
> A
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 write server hello
> A
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 write certificate
> A
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 write server done
> A
> [13/Nov/2000 11:53:01 02105] [debug] OpenSSL: write 663/663 bytes to
> BIO#00224B18 [mem: 0022E8C8] (BIO dump follows)
>
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Loop: SSLv3 flush data
> [13/Nov/2000 11:53:01 02105] [debug] OpenSSL: I/O error, 5 bytes expected to
> read on BIO#00224B18 [mem: 0023DAF0]
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Exit: error in SSLv3 read
> client certificate A
> [13/Nov/2000 11:53:01 02105] [trace] OpenSSL: Exit: error in SSLv3 read
> client certificate A
> [13/Nov/2000 11:53:01 02105] [error] SSL handshake interrupted by system
> [Hint: Stop button pressed in browser?!] (System error follows)
> [13/Nov/2000 11:53:01 02105] [error] System: Connection reset by peer
> (errno: 131)
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
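
Added example, not part of either poster's message: a decoder for the ClientHello captured in the two "read" BIO dumps of the quoted debug log, showing which cipher suites the client offered and which of them are export-grade. The hex string is reassembled from those dumps, and the function name and the small suite table are this example's own.

```python
import struct

# Reassembled from the "read 11/11" and "read 47/47" BIO dumps in the quoted
# log. Assumption: the final 0x00 of each read, which the dump elides as
# <SPACES/NULS>, is restored so the lengths match the logged byte counts.
CLIENT_HELLO_HEX = (
    "16 03 00 00 35 01 00 00 31 03 00"
    " bd ba 54 9f 7c 7a df e8 22 3b 8a c0 7a 40 90 22"
    " 49 3e 9e 54 63 dc fe b7 55 40 ab 9f 4b 66 f3 1e"
    " 00 00 0a 00 04 00 0a 00 09 00 03 00 06 01 00"
)

# Subset of SSLv3 suite IDs: id -> (OpenSSL name, is export-grade)
SUITES = {
    0x0003: ("EXP-RC4-MD5", True),
    0x0004: ("RC4-MD5", False),
    0x0005: ("RC4-SHA", False),
    0x0006: ("EXP-RC2-CBC-MD5", True),
    0x0008: ("EXP-DES-CBC-SHA", True),
    0x0009: ("DES-CBC-SHA", False),
    0x000A: ("DES-CBC3-SHA", False),
}

def parse_client_hello(raw: bytes) -> dict:
    """Decode one SSLv3/TLS record holding a single, unfragmented ClientHello."""
    if len(raw) < 9:
        raise ValueError("too short for record and handshake headers")
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", raw[:5])
    body = raw[5:5 + rec_len]
    if ctype != 0x16 or len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated ClientHello")
    pos = 2 + 32                      # skip client_version and 32-byte random
    pos += 1 + hello[pos]             # skip session_id (length-prefixed)
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if cs_len % 2 or pos + cs_len >= len(hello):
        raise ValueError("bad cipher_suites length")
    ids = [int.from_bytes(hello[i:i + 2], "big") for i in range(pos, pos + cs_len, 2)]
    pos += cs_len
    named = [SUITES.get(i, ("0x%04x" % i, False)) for i in ids]
    return {"version": (hello[0], hello[1]),
            "offered": [name for name, _ in named],
            "export": [name for name, exp in named if exp],
            "compression": list(hello[pos + 1:pos + 1 + hello[pos]])}

if __name__ == "__main__":
    print(parse_client_hello(bytes.fromhex(CLIENT_HELLO_HEX)))
```

The names it returns can be compared against what the configured `SSLCipherSuite` string expands to with `openssl ciphers -v`.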