grrr...I had, but in the wrong file...my first apache2 installation.... thx :)
Oliver
Ives Steglich wrote:
Oliver Welter wrote:
Hi Guys,
I think I found a Bug...
In my acl/pub.xml i wrote:
<channel> <type>mod_ssl</type> <protocol>ssl</protocol> <source>.*</source> <asymmetric_cipher>.*</asymmetric_cipher> <asymmetric_keylength>0</asymmetric_keylength> <symmetric_cipher>.*</symmetric_cipher> <symmetric_keylength>128</symmetric_keylength> </channel>
My Mozilla tells me, Im using AES 256 bit but OpenCA complains
Error Aborting connection - you are using a too short symmetric keylength (). General Error. 6251043.
I think I am right than 256 is larger than 128 :) Every value not 0 for "symmetric_keylength" will cause this error.
Bug or am I wrong with the meaning of the param ??
I think you have the Apache not configured to export SSL-Parameters, like most of the ppl at the user-list did the recent days, Michael has the documantation updated because this hint was missing ;o)
look if you have enabled: SSLOptions +StdEnvVars +ExportCertData
otherwise the perl-scripts don't get the required parameters from Apache
greetings dalini s://lists.sourceforge.net/lists/listinfo/openca-devel
-- Diese Nachricht wurde digital unterschrieben oliwel's public key: http://www.oliwel.de/oliwel.crt Basiszertifikat: http://www.ldv.ei.tum.de/page72
smime.p7s
Description: S/MIME Cryptographic Signature
