Problems with Verisign Global Server ID certificate & Netscape clients

Thu, 15 Jun 2000 01:27:13 -0700 

Hi everyone on the list,
I' m new to this list so forgive me if my question was
already solved.

The problem (as in subject) concerns Netscape browsers exported
editions that try to connect to an Win NT Server Box with OpenSA 0.20
equipped with my Verisign Global Server ID certs.

As mentioned in the mod_ssl README.GlobalID Netscape browsers
has to step up from a 40 bit EXP-RC4-MD5 to the stronger 128 bit
RC4-MD5, but on the browser side an error window appears telling
about a Network Error and on the Apache engine log,put in trace
mode, the following lines are generated:

[15/Jun/2000 10:18:34 00270] [info]  Connection to child 0 established (server 
www.myserv.it:443, client 
192.168.1.128)
[15/Jun/2000 10:18:34 00270] [info]  Seeding PRNG with 1160 bytes of entropy
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Handshake: start
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: before/accept initialization
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write certificate A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write key exchange A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server done A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 flush data
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read finished A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write change cipher spec A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write finished A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 flush data
[15/Jun/2000 10:18:34 00270] [trace] Inter-Process Session Cache: request=SET 
status=OK 
id=C0595B369C0126F6782BF20E3B8112EA16F0AA1B2DEAB5C2DA6773F5103D95D3 timeout=300s 
(session caching)
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Handshake: done
[15/Jun/2000 10:18:34 00270] [info]  Connection: Client IP: 192.168.1.128, Protocol: 
SSLv3, Cipher: EXP-RC4-MD5 
(40/128 bits)
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Handshake: start
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: before accept initialization
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server hello A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write certificate A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 write server done A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 flush data
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Exit: error in SSLv3 read client 
certificate A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Loop: SSLv3 read client key exchange A
[15/Jun/2000 10:18:34 00270] [trace] OpenSSL: Exit: error in SSLv3 read certificate 
verify A
[15/Jun/2000 10:18:34 00270] [info]  Connection to child 0 closed with standard 
shutdown (server www.myserv.it:443, 
client 192.168.1.128)

Trying the same with a RH 6.0 Linux Box whith same configuration:
Apache 1.3.12 + Mod_SSL 2.6.2 + PHP4 +OpenSSL 0.9.5 everything works fine.

What's happening ???

Regards


-------------------------------------------------------------------
"On a day not different than the one now dawning, Leonardo drew the
first strokes of the Mona Lisa, Shakespeare wrote the first words
of Hamlet, and Beethoven began work on his Ninth Symphony."
And Windows98 Crashed!
-------------------------------------------------------------------
 Francesco D'Inzeo
 WinTech S.r.l.
 Via Lisbona 7
 35127 PADOVA (Italy)
 Tel. (+39)-(0)49-8703033
 Fax. (+39)-(0)49-8703045
 e-mail [EMAIL PROTECTED]

Reply via email to