Hi,

This is a rather odd question.  Apologies if anyone has seen this on the
mod_ssl list (the same problem occurs with 0.9.5a; I haven't tried later 
versions yet).

Anyway, if anyone can explain the following I'd be more than grateful:

I have some server code that uses OpenSSL. During testing we have found a
problem with Netscape Navigator 4.5 on NT. The browser connects to Apache
(openSA, using mod_ssl and OpenSSL 0.9.5) with (almost - see below) no
problems. However, the same browser will not connect to my server.

After spending the day trying to find differences in the code I am starting
to wonder whether mod_ssl has a patch applied that is not in OpenSSL. Is
that possible? (the mod_ssl I am using comes precompiled from openSA). Can
anyone suggest any other possible difference (see details below)?

OK, in more detail:

- my "server" is not a general HTTP server (we use Apache for that), so we 
can't just switch to Apache.
- both Apache/mod_ssl and my server are presenting the same certificate + key
- other browsers (NN 4.7 (high security), IE 5.0 (low security), IE 5.5 
(high security)) work just fine with both
- I am using OpenSSL 0.9.5 (I downgraded so that I could be sure I was 
comparing like with like)
- I am using all cipher suites, with the same cipher select ("ALL:...") 
statement for both servers
- I am using SSLv3_method in my code and SSLProtocol: SSLv3 in Apache/mod_ssl
- SSL diagnostics from my own server indicate that SSL3_GET_RECORD is 
seeing the wrong version
- NN reports "connection refused"
- If I change to SSLv2_method then I can get NN 4.5 to work (but we need v3)
- Apache/mod_ssl is negotiating a v3 cipher (EXP-RC4-MD5)
- The only slight wrinkle in the Apache/mod_ssl engine log is an 
intermittent read error in BIO (5 bytes not read), but this appears to be 
caught immediately and re-read (and also occurs during data transfer, after 
the SSL handshake has completed).

So can anyone shed any light on this? As you can imagine, I'm frustrated 
and confused. How does mod_ssl manage to work?! :-)

Thanks,
Andrew

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
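
A diagnostic for the "wrong version" symptom listed above, added here as an example and not part of the original post or of OpenSSL: it classifies the first five bytes a client sends as an SSLv3 record or an SSLv2-format CLIENT-HELLO, and shows what a parser expecting a 5-byte SSLv3 record header would read as the version. The function and type names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* How the first bytes from a client look to a server-side record parser. */
enum hello_kind { HELLO_TOO_SHORT, HELLO_SSL3_RECORD, HELLO_SSL2_FORMAT, HELLO_UNKNOWN };

struct hello_info {
    enum hello_kind kind;
    unsigned offered;  /* version the client offers, e.g. 0x0300 = SSLv3 */
    unsigned seen_as;  /* bytes 1-2, where a 5-byte SSLv3 header keeps its version */
};

/* Constructed samples (not captured traffic): both hellos offer SSLv3. */
static const unsigned char sample_v2_format[] = { 0x80, 0x2e, 0x01, 0x03, 0x00 };
static const unsigned char sample_v3_record[] = { 0x16, 0x03, 0x00, 0x00, 0x2f };

struct hello_info classify_first_bytes(const unsigned char *b, size_t n)
{
    struct hello_info r = { HELLO_TOO_SHORT, 0, 0 };
    if (n < 5)
        return r;
    r.seen_as = ((unsigned)b[1] << 8) | b[2];
    if (b[0] == 0x16 && b[1] == 0x03) {
        /* SSLv3 record: content type 22 (handshake), version, 2-byte length */
        r.kind = HELLO_SSL3_RECORD;
        r.offered = r.seen_as;
    } else if ((b[0] & 0x80) && b[2] == 0x01) {
        /* SSLv2 2-byte header (high bit set), type 1 = CLIENT-HELLO, then version */
        r.kind = HELLO_SSL2_FORMAT;
        r.offered = ((unsigned)b[3] << 8) | b[4];
    } else {
        r.kind = HELLO_UNKNOWN;  /* includes SSLv2 3-byte (padded) headers */
    }
    return r;
}

int main(void)
{
    struct hello_info a = classify_first_bytes(sample_v2_format, sizeof sample_v2_format);
    struct hello_info b = classify_first_bytes(sample_v3_record, sizeof sample_v3_record);
    printf("v2-format hello: kind=%d offers 0x%04x, read as 0x%04x by a v3 header parser\n",
           a.kind, a.offered, a.seen_as);
    printf("v3 record hello: kind=%d offers 0x%04x, read as 0x%04x\n",
           b.kind, b.offered, b.seen_as);
    return 0;
}
```

Feeding it the first bytes from a packet capture of each browser's connection shows which hello format each one actually sends.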
