sion of openssl are you using?
Try adding the following line to that failing vhost:
SSLCipherSuite ALL:!SSLv2
(You probably want to tune it more later if you care about the security,
but the important thing here is to get rid of SSLv2)
To see which ciphers this opens up, run openssl
een quite a bit of httpd 2.x related modssl talk here and
not heard many complaints.
vh
Mads Toftum
--
http://soulfood.dk
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
r apache 2.x related modules, incl. modssl, on the apache mailing
> lists.
We did actually create a list for modssl over at httpd.apache.org, but
so far there's been no valid traffic (note to self: put the list on
http://httpd.apache.org/lists.html or shut it down).
vh
Mads Toftum
--
On Tue, Sep 11, 2007 at 01:10:20PM -0400, Aaron Smith wrote:
> Oh! My apologies. I thought this was a mailing list for mod_ssl
> independent of version.
>
It has been used for both versions over time - this is pretty much the
first time anyone complained.
vh
Mads Toftum
--
http://so
enable-ssl when configuring apache 2 - mod_ssl is included in the
apache httpd-2.x source.
vh
Mads Toftum
--
http://soulfood.dk
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Suppo
pendent?
>
Lifetime can't be forced from the serverside, all you can do is set an
upper bound on it. The client may very well choose to cut the session
earlier. I've seen clients that let sessions live longer with a higher
level of security on the session - but it still isn't a
ple of a client using short session times is IE which would
expire SSL2 sessions really fast, but allow TLSv1 with strong crypto to
live much longer (that experience is a couple of years old, so they've
probably changed the policy many times over since then).
vh
Mads
1 gig mem? you've got to be kidding - I'm
pretty sure you couldn't keep even without SSL.
Doesn't your pr0n streaming business generate enough income to pay for a
real server? ;)
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
___
g on the server.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@
On Tue, Aug 16, 2005 at 11:16:36AM -0700, Andrew Musselman wrote:
> Listen 81
>
> ServerAdmin [EMAIL PROTECTED]
> DocumentRoot /usr/local/www/printers
> ServerName pc74965.cts.cwu.edu
> DirectoryIndex index.html index.php
> ErrorLog /var/log/printers-error_log
> Cust
ne, as these commands from the FAQ at
> http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html return no errors:
>
> $ openssl s_client -connect localhost:443 -state -debug
> GET / HTTP/1.0
>
What if you use localhost:81 instead?
We need more info like the SSL specific part of the conf and
t in the very latest httpd dev tree - see
http://mail-archives.apache.org/mod_mbox/httpd-cvs/200507.mbox/[EMAIL PROTECTED]
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apach
name based vhosting with ssl - go see the ssl FAQ:
http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#vhosts2
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl
it is for both Apache 1 and 2 ?
>
Because it isn't. The mod_ssl available at www.modssl.org is only for
Apache 1.3.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache In
ndly kick me in the right
> direction?
>
It still looks like you don't have SSLEngine on in the right place.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to Ope
ly a timestamp
problem that results in make thinking that the lex/yacc files has been
updated later than the output .c and .h - simply touch the output files
to make sure they have a newer timestamp, then make won't try to
regenerate.
vh
Mads T
ser you want it to run under. That's
really all you need to do.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Suppo
On Thu, Sep 02, 2004 at 09:20:45AM -0700, Philip Lavine wrote:
[SNIP]
> SSL_connect:SSLv2/v3 write client hello A
> read from 080AED40 [080B5270] (7 bytes => 7 (0x7))
> - 0a 3c 3f 78 6d 6c .
standard build, there will be a build/ directory with
the file config.nice that contains all the options originally used to build
apache.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
_
dn't
turn up until after the code was imported.
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/ssl_engine_io.c?r1=1.88&r2=1.89
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apac
t; you don't like spam and email worms... how about (gasp) installing
> SpamAssassin and some antivirus software. :-P
>
Unplugging the network cable worked well to make NT4 secure up to the c2
level - I'm pretty sure that a similar trick would be quite efficient in
avoiding spam ;)
gt;
sure, that would certainly make sense.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
odssl and openssl lists.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [E
is is the mod_ssl list, while
you're running apache-ssl which lives at http://www.apache-ssl.org/
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl)
key file ) according to the
>public key in the new certificate file ? Or should I remove
>everything and install again, the proper way ?
>
There's nothing that should keep the keys from working on different
machines, so chances are that it is either the installation or the
con
the default and are:
>
> SSLSessionCache dbm:logs/ssl_scache
> SSLSessionCacheTimeout300
>
On linux you really should be using a shared memory session cache - like
SSLSessionCache shmcb:logs/ssl_gcache_data(512000)
SSLSessionCacheTimeout300
vh
Mads Toft
s?
Please also note that the current release version is 2.0.48
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Suppor
gs allow those directives in .htaccess - see Override
for SSLVerifyClient and SSLOptions. Especially the Options override
required by SSLOptions is something that won't be allowed.
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03,
MV - I don't know
enough about Kerberos to know wether that type of usernames would be
a problem).
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubl
nce. Is there something else I need to do?
> Is there something my host needs to do?
>
Those fields will be filled when using client certificates - see
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC17
also remember to turn on SSLOptions +StdEnvVars - see
http://www.modssl.o
F50296B76B5E6034ECDB32B4B062788BA9D9832DD3B
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache mod_rewrite, the Swiss Army Knife of URL manipulation"
ficate and key to be in PEM format -
openssl x509 -in cert.crt -inform DER -out cert.pem -outform PEM
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configurations"
WE11, "Apache m
- that should tell you wether session
caching is in effect or not.
Usually when sessions are enabled in apache, but the browser keeps asking for
the cert, then it is a setting in the browser - I seem to recall that
Netscape had an option to ask for the password on every use.
vh
Mads Toftum
creasing the size and/or lowering
the Timeout - just to make sure you're not exhausting your
session store capacity before the browser times out.
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apach
lorer tries to open more connections than it can handle at once
because keepalives are turned off (the SetEnvIf I mentioned). It should be
possible to determine with netstat or LogLevel debug.
If that isn't the case, then I can only think of things like a blocking
random device, or some other reso
-response-1.0
You could try without it and see if it helps.
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apach
win much with an ssl accelerator.
> Any ideas on how other sites handle image files over SSL. I need the image
> file over SSL, because they are scanned images of confidential information.
>
Just like any other file type - apache doesn't really care what it is.
vh
Mads Toftum
--
S
ner anyway).
> I will try out different values for these, but I reinstalled without modssl, so I
> have to install modssl first. Seems like these are pretty standard settings. I'm
> surprised no one else has run across this warning.
>
I have heard one reporting similar problems on ir
pache distribution and where
we would like to see the module going in the future.
If you're interested, then drop me a note off list, and I'll
talk to the planners.
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslmutex
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache
vh
Mads Toftum
--
Speaking at ApacheCon 2003 - http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apache configura
g like
the output of httpd -V, the configure options used when building apache and
wether you have any other non standard modules installed (ie. php and such).
Also your SSL specific part of the configuration.
vh
Mads Toftum
--
Speaking at http://ApacheCon.com/
T03, "Apache 2 mod_ssl tuto
A couple of ideas - what happens if you don't ask for the internal
SDBM? If it works on your os, then MM should give better performance -
http://www.ossp.org/pkg/lib/mm/ Running make test should let you know
if it is a plausible way to go.
vh
Mads Toftum
--
Speaking at http://ApacheCon.com
> > Port 443 ?
Yes, that sounds about right. Something like this should do:
Listen 80
ServerName example.com
RedirectPermanent / https://example.com
vh
Mads Toftum
--
Speaking at http://ApacheCon.com/
T03, "Apache 2 mod_ssl tutorial" (3h)
WE03, "Troubleshooting Apach
e initial code to take care of that, but even if
it did make it into the tree, then it is more or less untested because there
are no clients for it.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
A
om/[EMAIL PROTECTED]/
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTEC
On Wed, Aug 20, 2003 at 10:56:11AM +0200, Hendrik Robbel wrote:
> Hi,
>
> I tried to nest two with SSLRequire entries:
>
>
> SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
> and %{SSL_CLIENT_S_DN_O} eq "user" )
>
>
>
>
> SSLRequire (%{SSL_CIPHER} !~ m/^(EXP|NULL)-/ \
>
is output from flex - if the output is newer, then make does
not try to run flex.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl
unless timestamps were messed up. Try touching
src/modules/ssl/ssl_expr_scan.c to make sure its timestamp is newer than
the .l file.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
east I've used shared
memory session caching on solaris 7 & 8 many times. The thing to
configure is SSLSessionCache which should be set to something like:
SSLSessionCache shm:/usr/local/apache/logs/ssl_gcache_data(512000)
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache
vh
MM with apache2 - it has its own shared
memory handling built in if your os supports it.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) ww
yone on
> this list?
>
Yeah, there's plety of people on the list, but it does go quiet at times.
Last message was friday - always check the list archive:
http://marc.theaimsgroup.com/?l=apache-modssl
vh
Mads Toftum
--
`Darn it, who spiked m
eleased 21-Mar-2003
to fix a problem similar to what you're describing.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
e or unexpected in that. Use one of the following to
enable verification:
-CApath arg - PEM format directory of CA's
-CAfile arg - PEM format file of CA's
By default openssl knows no CA's, so you need to get the CA cert
of
see
./configure --help in the Apache 2 source for instructions on how to enable
mod_ssl.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl)
ny more advice gratefully accepted :)
>
This looks very much like a client error from lwp. You need
Crypt::SSLeay for that, see:
http://search.cpan.org/author/CHAMAS/Crypt-SSLeay-0.49/
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
___
Failed to load temporary 512 bit
> RSA private key
>
See the FAQ: http://www.modssl.org/docs/2.8/ssl_faq.html#entropy
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Int
een included, but see
http://marc.theaimsgroup.com/?t=10449923556&r=1&w=2
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl)
On Tue, Feb 18, 2003 at 05:09:38PM -0600, Ray a PowerWeb Tech wrote:
> is it possible using either mod_rewrite, mod_vhosts_alias or some trick in
> mod_ssl to have multiple virtual hosts by ip address
>
No, that is not possible.
vh
Mads Toftum
--
`Darn it, who spiked my coffee w
On Wed, Feb 19, 2003 at 12:10:14PM +0100, Mads Toftum wrote:
> openssl ca -revoke filename
>
> see man ca and man crl in the openssl docs.
>
I forgot to add this link - http://www.apacheweek.com/features/crl
vh
Mads Toftum
--
`Darn it, who spiked my coffee with wate
On Wed, Feb 19, 2003 at 11:57:20AM +0100, Zampognaro Sergio wrote:
> How to add a client certificate to an already created and empty Certificate
> Revocation List?
>
openssl ca -revoke filename
see man ca and man crl in the openssl docs.
vh
Mads Toftum
--
`Darn it, who spiked my co
tatically or dynamically
into mod_ssl. If ldd is available on your os, then you can try:
ldd SERVER_ROOT/libexec/libssl.so
(SERVER_ROOT is usually /usr/local/apache/)
It will tell you which libraries libssl is linked to.
vh
Mads Toftum
--
`Darn it, who spiked my
/2.0.44 (Unix) mod_ssl/2.0.44
> OpenSSL/0.9.6g configured -- resuming normal operations
>
Right, so you're missing a configuration directive - see
http://httpd.apache.org/docs-2.0/mod/mod_ssl.html#sslsessioncache
vh
Mads Toftum
--
`Darn it, who spike
openssl x509 -noout -text -in server.crt
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
has access to my page and I know that he hasn't a
> cert, but when expired cert is used then server error is occured.
> What is problem? Can I create ssl configuration to give access for all certs
> and to get cert info.
>
Currently that is not possible afaict.
vh
Mads Toftum
-
3
vhost container.
>
> NameVirtualHost 10.0.0.2:80
>
> ServerName www.sancho2k.net
Redirect / https://family.sancho2k.net
No real need to use mod_rewrite for that.
vh
Mads Toftum
--
`Darn it, who spiked my
.
-
So neither Thawte or Verisign (who own Thawte) issue wildcard certs.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to Op
ache cookbook where such
> recipes are collected?
>
The documentation would be the obvious place IMHO - see
http://httpd.apache.org/docs-project/ - if you get the time to write
something, I can probably be convinced to commit it for t
which has some preliminary and untested
code for it. If anyone knows of a compliant client, then that would be
much appreciated.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface
leases.
> https://arhosting.com
> https://www.arhosting.com
> https://secure.arhosting.com
> https://www.secure.arhosting.com
>
> I would like to cover all of my bases with one certificate...
> Is this possible?
>
*arhosting.com should probably do it.
vh
Mads Toftum
e
> from the VirtualServer1!
> both Hosts have now the same Certificate.
>
A classical FAQ - http://www.modssl.org/docs/2.8/ssl_faq.html#vhosts
you need different ip's or different ports.
vh
Mads Toftum
--
`Darn it, who spiked my co
irst place. /path/to/apache/bin/httpd -V should list -DEAPI
if it has. If that is in place, then read the INSTALL file about
upgrading, but without it you have to recompile from scratch.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
aken from the sorce - like
http://www.modssl.org/source/exp/mod_ssl/pkg.mod_ssl/INSTALL
both result in Internal Server Error.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to Op
at?
You might be able to speed it up a bit tweaking different things like
the cache size, timeouts and compiling openssl with no-threads
But this is still quite a few connections, and you may not be able
to squeeze too much more out of it without adding an ssl accelerator
card.
vh
Mads Toftum
ency of people to read the instructions only if
> all else fails, putting a warning in the default config sounds like a
> good idea. Putting an error message in the source-code would be even
> better!
>
I'm pretty sure there already is (at least in 1.3) but that requires
peo
will give you a list of the
options that you need.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List
t; So if they click on this link:
>
> http://system.company.com/
> it will direct to
> https://system/ or https://system.company.com/
>
In your http vhost put:
Redirect / https://system.company.com/
vh
Mads Toftum
--
`Darn it,
soon.
> As "http://www.modssl.org/news/state.html"; states, the next
> release of mod_ssl will be triggerd when apache 1.3.28 cames
> out. So with apache 1.3.27 there is no go ?
>
It has already been released - see http://www.modssl.org/source/
it is just the front page that ha
ssl.org/docs/2.8/ssl_faq.html#entropy and
http://www.openssl.org/support/faq.cgi#USER1
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (mod_ssl)
following set in the right context:
SSLOptions +ExportCertData
See also http://www.modssl.org/docs/2.8/ssl_reference.html#ToC21
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to Ope
I found how to add the
> mod_ssl module alone.
>
This is only possible if apache already has EAPI built in.
To check do: ./httpd -V
It should list: -D EAPI for the install without rebuilding apache
to work.
Also make sure that openssl is OpenSSL 0.9.6g.
vh
Mads Toftum
--
`Darn it, who
ou would need an even older version of openssl for this to work -
something in the early 0.9.4 series. But you should not do that, as there
are well known exploits for all of these. You really should be using
openssl-0.9.6g, apache-1.3.26 and mod_ssl-2.8.10.
vh
Mads Toftum
--
`Darn it, who spiked
ugh ?
you need newer versions - apache should be 1.3.26 and openssl also needs
to be the latest version.
> How I can configure my httpd.conf ?
Use the default mod_ssl httpd.conf along with the docs to do that.
vh
Mads Toftum
--
`Darn it, who spiked my cof
On Fri, Aug 09, 2002 at 06:55:01PM -0400, R. DuFresne wrote:
> Any word on if this compiles on those older linux kernels as the previous
> release was a total dud in that realm?
I've compiled Apache2 on a 2.0 linux kernel several times without problems.
vh
Mads Toftum
--
`Darn it,
ch suits for apache 1.3.26,
>
Mod_ssl is part of apache 2.0.x and is included in the source
tarballs available at http://httpd.apache.org/dist/
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
7;t work on free servers. Please
> enlighten me on this.
>
They will work just as well on apache with mod_ssl.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interface to OpenSSL (m
as proof that every
transaction did in fact have the right levels of crypto etc, this is a real
PITA change. But I suppose that is what happens when someone decides to apr'ize
stuff they don't really know a whole lot about.
vh
Mads Toftum
--
`Darn it, who spiked my
lowly mad = {
>
It looks like your apache2 has been compiled without ssl support, or
that the module has not been loaded.
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
__
Apache Interf
rom
> accessing under HTTP:// ? I'm not meaning to block the whole port 80 but
> only some pages, is it belong to the settings of Apache or what? Please
> instruct. Thanks a lot!!
>
Just make sure that DocumentRoot is not the same for both the HTTP and the
HTTPS server.
vh
Mads To
and users. I suppose you could even remove
certs from the crl once they've expired (since they will still be rejected).
As an alternative you could use http://authzldap.othello.ch/
>
> If that is true, can I imply from this that revocation checks basically
> aren't done on the
On Sat, May 11, 2002 at 05:18:07AM -0500, Ian Miller wrote:
> Looking for the sign.sh file in apache 2.0
It isn't there, but you can grab the one from 1.3 at
http://www.modssl.org/source/cvs/exp/mod_ssl/pkg.mod_ssl/pkg.contrib/sign.sh?rev=1.7&hideattic=1&sortbydate=0
vh
Mads T
o do this, the Web site owner would presumably need to be able to produce
> the still-encrypted post as sent by the user, but from a quickish reading
> of the mod_ssl reference, I don't see any way to log this information.
>
The SSL protocol does not have any support for that.
vh
Ma
gine?
Wether you need a "real" certificate or not depends on what you want to
use it for - see also http://www.modssl.org/docs/2.8/ssl_faq.html#cert-dummy
vh
Mads Toftum
--
With a rubber duck, one's never alone.
> how to create a wildcard cert.
>
Wildcard certs are made exactly as any other cert.
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
_
adding -DSSL_EXPERIMENTAL to CFLAGS work? There is a bit in the
README file about how it is supposed to work.
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
__
reporting problems I run across in testing Apache 2.0 to a
> different list from this one?
>
This list should be fine - if you have confirmed bugs or patches, then the
bug tracking system at apache.org would be a nice place to dump a copy.
vh
Mads Toftum
--
With a rubber duck, one'
ther use
the latest cvs version (where this bug has been fixed) or wait
for the next Apache2 release.
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
__
nd mod_ssl - and that you're either using a
very old config or a config from something like Apache+SSL
vh
Mads Toftum
--
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
_
n let them have access to the http link, it
> should redirect or give error." What do you people have to add to
> this?
>
Something like this in your http vhost:
RedirectMatch permanent ^/(.*)$ https://www.example.com/$1
vh
Mads Toftum
--
With a rubber duck, one's never
On Mon, Apr 15, 2002 at 05:18:05PM +0200, Owen Boyle wrote:
> What's this about ssl.conf? Are you "including" this file into
> httpd.conf at runtime?
This is the default for Apache2 - the ssl configuration has been
moved out of httpd.conf to ssl.conf
vh
Mads Toftum
-
T running mod_ssl (under Apache 1.3, it didn't have to).
> Does it have to, now? the engine_log is reporting:
You're hitting a bug that has been fixed in the latest cvs - see
http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/ssl/mod_ssl.c?rev=1.63&content-type=text/vnd.viewcvs-
1 - 100 of 623 matches
Mail list logo