If I recall, Apache on Sun boxen requires some additional work to get
/dev/urandom<random> PRNG to work correctly.  This is a common question,
and is either covered in the archives, or might well be in the FAQ.

If this is incorrect, or not the issue at hand, others will step in to
spank me into clued space <smile>.


Thanks,

Ron DuFresne


On Mon, 3 Feb 2003, Kurt A. Buckardt wrote:

> I am trying to bring up Apache 2.0.44 with mod_ssl module on Solaris 8,
> and can't get an https connection to the box.  Http works just fine.
> Any suggestions on how to proceed would be greatly appreciated.
> 
> I've downloaded & installed OpenSSL 0.9.6g (sunfreeware.com)
> I've created a certificate and key:
> /usr/local/apache2/conf/ssl.crt/server.crt
> /usr/local/apache2/conf/ssl.key/server.key
> I've downloaded, compiled, & made Apache with --enable-ssl
> 
> Here's Apache's ssl.conf file, which is called from Apache's httpd.conf
> file:
> <IfDefine SSL>
> Listen 443
> 
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> 
> SSLPassPhraseDialog  builtin
> 
> SSLSessionCache         dbm:logs/ssl_scache
> SSLSessionCacheTimeout  300
> 
> SSLMutex  file:logs/ssl_mutex
> 
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
> SSLRandomSeed startup file:/dev/urandom 512
> 
> <VirtualHost _default_:443>
> 
> DocumentRoot "/usr/local/apache2/htdocs"
> ServerName new.host.name:443
> ServerAdmin [EMAIL PROTECTED]
> ErrorLog logs/error_log
> TransferLog logs/access_log
> 
> SSLEngine on
> 
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
> 
> SSLCertificateFile /usr/local/apache2/conf/ssl.crt/server.crt
> 
> SSLCertificateKeyFile /usr/local/apache2/conf/ssl.key/server.key
> 
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </Files>
> <Directory "/usr/local/apache2/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> 
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> 
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> 
> </VirtualHost>
> 
> </IfDefine> 
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
> User Support Mailing List                      [EMAIL PROTECTED]
> Automated List Manager                            [EMAIL PROTECTED]
> 

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
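
One way to test the random-device point raised in the reply, as an added example that is not part of the original thread: the script reads each active `SSLRandomSeed` directive from an ssl.conf and tries to pull the requested number of bytes from every `file:` source. The function names `list_seed_sources` and `check_seed_sources` are hypothetical helpers made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit SSLRandomSeed sources in ssl.conf.
# Assumes a POSIX sh and awk.

# Print "context scheme path bytes" for every active SSLRandomSeed directive.
list_seed_sources() {
    awk 'tolower($1) == "sslrandomseed" && NF >= 3 {
        scheme = "builtin"; path = "-"
        if ($3 ~ /^(file|exec|egd):/) {
            scheme = substr($3, 1, index($3, ":") - 1)
            path = substr($3, index($3, ":") + 1)
        }
        print $2, scheme, path, (NF >= 4 ? $4 : "-")
    }' "$1"
}

# Try to read the requested byte count from each file: source.
# Returns the number of sources that are missing, unreadable or short.
check_seed_sources() {
    bad=0
    tmp="${TMPDIR:-/tmp}/seedsrc.$$"
    list_seed_sources "$1" > "$tmp"
    while read -r ctx scheme path want; do
        [ "$scheme" = "file" ] || continue
        # No byte count given: just prove that one byte can be read.
        if [ "$want" = "-" ]; then want=1; fi
        if [ ! -r "$path" ]; then
            echo "FAIL $ctx file:$path is missing or unreadable"
            bad=$((bad + 1))
            continue
        fi
        got=$(dd if="$path" bs=1 count="$want" 2>/dev/null | wc -c | tr -d ' ')
        if [ "$got" -lt "$want" ]; then
            echo "FAIL $ctx file:$path gave $got of $want bytes"
            bad=$((bad + 1))
        else
            echo "ok   $ctx file:$path gave $got bytes"
        fi
    done < "$tmp"
    rm -f "$tmp"
    return "$bad"
}

# Run against a config when a path is given on the command line.
if [ -n "${1:-}" ]; then check_seed_sources "$1"; fi
```

Run it as the user the server starts under, passing the path to ssl.conf; a non-zero exit status is the count of `file:` sources that could not supply their bytes.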
