modssl: SSLSessionCache dbm
I can't get my SSLSessionCache working! I am running SuSE 7.2 Pro; Apache/1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6b mod_jk PHP/4.0.6 configured shm is not supported so I am using dbm: SSLSessionCache dbm:/var/log/httpd/MAIN/ssl/ssl_cache SSLSessionCacheTimeout 300 but no cache-files get created. It tried it successfully with an other machine that I configed nearly exactly the same (I am running SuSE 7.2 Pro; Apache/1.3.20 mod_ssl/2.8.4 OpenSSL/0.9.6a mod_jk PHP/4.0.6 ; httpd.conf, ssl, DNS, ...) - OpenSSL/0.9.6a instead of OpenSSL/0.9.6b anyone an idea?? Please help me! regards Lukas __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
AW: mod_ssl still does not work with Mac IE5
Got the same problem for 3 Weeks now! (and none of my mails to this list
were answered)
So please fellows, if there's anybody out there brave enough to fight
(MAC)IE do something about this situation.
regards
Lukas
-Ursprungliche Nachricht-
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]Im Auftrag von John Siracusa
Gesendet: Sonntag, 02. Dezember 2001 17:52
An: Mod SSL
Betreff: mod_ssl still does not work with Mac IE5
(I sent this from another address earlier, but I don't think it went
through.)
---
Back in December of 2000, I wrote the following message about mod_ssl not
working with Mac IE5:
http://www.mail-archive.com/modssl-users@modssl.org/msg09708.html
I'm at a new job now, but it seems I cannot escape this bug. I built a
fresh new apache binary, set up in box-stock form according to the simple
instructions I found here:
http://www.modssl.org/example/
I started the server and hit it via https with Mozilla 0.9.6. It worked
fine. Then I tried Mac IE5. I get the same result as I did in December
2000:
---
...
[30/Nov/2001 12:43:26 03477] [trace] OpenSSL: Loop: SSLv3 flush data
[30/Nov/2001 12:43:26 03477] [debug] OpenSSL: I/O error, 5 bytes expected to
read on BIO#001ED978 [mem: 001F3078]
[30/Nov/2001 12:43:26 03477] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[30/Nov/2001 12:43:26 03477] [trace] OpenSSL: Exit: error in SSLv3 read
client certificate A
[30/Nov/2001 12:43:26 03477] [error] SSL handshake interrupted by system
[Hint: Stop button pressed in browser?!] (System error follows)
[30/Nov/2001 12:43:26 03477] [error] System: Connection reset by peer
(errno: 131)
---
SSL log debug dumps of a request for / made in Mozilla, and the same
request made in Mac IE5, are available at:
http://homepage.mac.com/jcs/.Public/mac-IE5-request.txt
http://homepage.mac.com/jcs/.Public/mozilla-0.9.6-request.txt
Is ANYONE out there actually using an apache/mod_ssl server that works with
Mac IE5? If so, what's the trick? I searched the web for information and
only found my old thread from 2000, plus a suggestion to add:
SSLRequire %{SSL_CIPHER} = 128
To my conf file. (I tried it and it didn't help.) I've sent these dumps to
the powers that be at MS, but haven't heard back. I'm hoping that there's
some way I can get this to work without waiting for MS. Please help! :(
-John
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager[EMAIL PROTECTED]
SSLSessionCache
I've had a lot of troubles with MSIE talking to my SSL-Server (even IE5.5 Win2k) So I went and looked up the following solution in the FAQ http://www.modssl.org/docs/2.8/ssl_faq.html SetEnvIf User-Agent .*MSIE.* \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP #and as suggested in the FAQ I used the SSLSessionCache Directive SSLSessionCache dbm:/var/log/httpd/MAIN/ssl_cache IE on windows platforms is satisfied now but on Macintosh it's still telling me that an error occured while encrypting the data. One thing to mention is that the file /var/log/httpd/MAIN/ssl_cache is not created!! Why is that? And could that be the reason why I am having troubles with IE on Mac? the SSLLog says: [23/Nov/2001 20:47:00 22850] [info] Connection to child 10 established (server secure.myserver.com:443, client 192.168.1.87) [23/Nov/2001 20:47:00 22850] [info] Seeding PRNG with 0 bytes of entropy [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Handshake: start [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Loop: before/accept initialization [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Loop: SSLv3 read client hello A [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Loop: SSLv3 write server hello A [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Loop: SSLv3 write certificate A [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Loop: SSLv3 write server done A [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Loop: SSLv3 flush data [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A [23/Nov/2001 20:47:00 22850] [trace] OpenSSL: Exit: error in SSLv3 read client certificate A [23/Nov/2001 20:47:00 22850] [error] SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [23/Nov/2001 20:47:00 22850] [error] System: Connection reset by peer (errno: 104) while the access_log says nothing and the error_log says: [Fri Nov 23 20:50:56 2001] [error] mod_ssl: SSL handshake interrupted by system [Hint: Stop button pressed in browser?!] (System error follows) [Fri Nov 23 20:50:56 2001] [error] System: Connection reset by peer (errno: 104) __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
mod_ssl: Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
When I enable SSL (SSLEngine on in httpd.conf) the following error is logged: [Sat Jul 14 19:34:55 2001] [error] mod_ssl: Init: (someserver:80) Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) After disable SSL everything's just fine. But I definitely need SSL! I am using: Apache/1.3.20 (Unix) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6a (in fact SuSE Linux 7.2) Is anyone out there who can help me? Lukas Feiler /** EndlosProduktion Kusch Senoner OEG [EMAIL PROTECTED] www.endlos.at **/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
Re: mod_ssl: Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!)
Thanks for your quick response but SSLEngine on does not appears two times in my httpd.conf (I wished that would have been the problem) Can you (or anybody else!) think of an other reason (-solution) for my problem? Help needed! Lukas Feiler /** EndlosProduktion Kusch Senoner OEG [EMAIL PROTECTED] www.endlos.at **/ - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, July 16, 2001 11:34 AM Subject: RE: mod_ssl: Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) This is a wild guess, but you wouldn't happen to have SSLEngine on more than once in your httpd.conf? You can do this if they are in different virtual hosts, but I think this error would be caused otherwise. - John Airey Internet Systems Support Officer, ITCSD, Royal National Institute for the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 [EMAIL PROTECTED] -Original Message- From: Lukas Feiler [mailto:[EMAIL PROTECTED]] Sent: 16 July 2001 10:23 To: [EMAIL PROTECTED] Subject: mod_ssl: Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) When I enable SSL (SSLEngine on in httpd.conf) the following error is logged: [Sat Jul 14 19:34:55 2001] [error] mod_ssl: Init: (someserver:80) Illegal attempt to re-initialise SSL for server (theoretically shouldn't happen!) After disable SSL everything's just fine. But I definitely need SSL! I am using: Apache/1.3.20 (Unix) PHP/4.0.6 mod_ssl/2.8.4 OpenSSL/0.9.6a (in fact SuSE Linux 7.2) Is anyone out there who can help me? Lukas Feiler /** EndlosProduktion Kusch Senoner OEG [EMAIL PROTECTED] www.endlos.at **/ __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager[EMAIL PROTECTED]
