Re: [Openca-Users] too short symmetric keylength: General Error. 6251043.

Tue, 17 Aug 2004 23:54:49 -0700 

Hi Kevin,

I had the same problem :)
Its likely that you have not exportet your SSL-Vars to Perl...
Add
SSLOptions +StdEnvVars
to your SSL-Config in apache and it sould work

Oliver

Kevin wrote: 
Hi List-

Many thanks for suggestions relating to my other posts here (some of
which I'm still trying to resolve), but I did get a successful
configure/make/make install of OpenCA according to the OpenCA Cookbook
that Johnny Gonzalez referred me to on a SuSE 9.0 box.  I'm still
struggling with this part on a Gentoo system, but with the SuSE system,
I may be suffering from a configuration problem, and that's what I'm
trying to resolve with this message.

I have the following error upon accessing https://localhost/ra

Error Aborting connection - you are using a too short symmetric
keylength ().
General Error. 6251043.
I saw in the archives in May where someone else had this problem and
Michael pointed out the solution by explaining that the keylength in
etc/access_control/ra.xml file was appraently the problem.

In my etc/access_control/ra.xml, I have the following:

<openca>
    <access_control>
        <channel>
            <type>mod_ssl</type>
            <protocol>ssl</protocol>
            <source>.*</source>
            <asymmetric_cipher>.*</asymmetric_cipher>
            <asymmetric_keylength>0</asymmetric_keylength>
            <symmetric_cipher>.*</symmetric_cipher>
            <symmetric_keylength>128</symmetric_keylength>
        </channel>
...

And when I use Mozilla Firefox to view https://localhost/ra and click
the lock, it reports that the connection is encrypted with High-grade
Encryption (AES-256 256 bit).

Perhaps OpenCA doesn't know about the AES cipher?

Or is it this other thing that Michael mentioned in his reply to that
poster: "The empty () at the end of the errormessage looks like a general problem with your SSL"

I have no problems viewing other content over the https protocol.  Only
OpenCA stuff.

Any help here?

-Kevin




-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users


--
Diese Nachricht wurde digital unterschrieben
oliwel's public key: http://www.oliwel.de/oliwel.crt
Basiszertifikat: http://www.ldv.ei.tum.de/page72

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Reply via email to