On Thu, Jan 29, 2009 at 06:15:04AM -0500, Georges-Etienne Legendre wrote:
> It works with what you suggested. Apache is running on a Linux box.
>
> Is there something to set in Apache to resolve this?

Yes, give it a set of non-broken 3DES ciphersuites. None of the below
work:

    $ openssl ciphers -v '3DES+SSLv3:!aDSS:@STRENGTH'
    ADH-DES-CBC3-SHA SSLv3 Kx=DH Au=None Enc=3DES(168) Mac=SHA1
    EDH-RSA-DES-CBC3-SHA SSLv3 Kx=DH Au=RSA Enc=3DES(168) Mac=SHA1
    DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1

I don't know how this Apache managed to break these, but it certainly
did. Perhaps it can't deal with non-stream ciphers that require padding,
and miscalculates packet sizes...

--
Viktor.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]