[ale] SSL, Apache, and Windows 98
Grant Robertson
f.grant.robertson at gmail.com
Tue Jun 21 12:07:04 EDT 2005
Does the win98 machine have the high encryption pack installed? (you
can find out by going to help -> about in the IE window) Have you
tried firefox from that machine? (is firefox supported on w98?).
Also, you said "any version" but, which versions have you tried? What
is the currently installed version? (again, help -> about)
-G
On 6/21/05, Brian Akins <bakins at web.turner.com> wrote:
> Apache 2.0.54 with ssl as dso
> openssl 0.9.7g
> RHAS 2.1
>
> WIn 98 with any version of IE gets the generic page caoont be displayed
> message.
>
> Errors in apache log:
> Tue Jun 21 11:22:09 2005] [info] Connection to child 35 established
> (server account.nascar.com:443, client 10.188.33.199)
> [Tue Jun 21 11:22:09 2005] [info] SSL library error 1 in handshake
> (server account.nascar.com:443, client 10.188.33.199)
> [Tue Jun 21 11:22:09 2005] [info] Connection to child 35 closed with
> abortive shutdown(server account.nascar.com:443, client 10.188.33.199)
> [Tue Jun 21 11:22:09 2005] [info] Connection to child 36 established
> (server account.nascar.com:443, client 10.188.33.199)
> [Tue Jun 21 11:22:09 2005] [info] Connection to child 36 closed with
> abortive shutdown(server account.nascar.com:443, client 10.188.33.199)
>
>
>
> output from ssldump:
>
> New TCP connection #5: 10.188.33.199(1493) <-> pay8rly2.turner.com(443)
> 5 1 0.0011 (0.0011) C>S SSLv2 compatible client hello
> Version 3.1
> cipher suites
> TLS_RSA_WITH_RC4_128_MD5
> TLS_RSA_WITH_RC4_128_SHA
> TLS_RSA_WITH_3DES_EDE_CBC_SHA
> SSL2_CK_RC4
> SSL2_CK_3DES
> SSL2_CK_RC2
> TLS_RSA_WITH_DES_CBC_SHA
> SSL2_CK_DES
> TLS_RSA_EXPORT1024_WITH_RC4_56_SHA
> TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA
> TLS_RSA_EXPORT_WITH_RC4_40_MD5
> TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5
> SSL2_CK_RC4_EXPORT40
> SSL2_CK_RC2_EXPORT40
> 5 2 0.0016 (0.0005) S>C Handshake
> ServerHello
> Version 3.1
> session_id[32]=
> 7e 80 0d c5 97 8b d4 80 37 af 00 97 02 8f 42 de
> a4 45 fe 00 36 41 92 0e 1c 3a f5 04 8a 50 26 ca
> cipherSuite TLS_RSA_WITH_RC4_128_MD5
> compressionMethod NULL
> 5 3 0.0016 (0.0000) S>C Handshake
> Certificate
> 5 4 0.0016 (0.0000) S>C Handshake
> ServerHelloDone
> 5 5 0.0062 (0.0045) C>S Handshake
> ClientKeyExchange
> 5 6 0.0062 (0.0000) C>S ChangeCipherSpec
> 5 7 0.0062 (0.0000) C>S Handshake
> 5 8 0.0070 (0.0008) S>C Alert
> level fatal
> value bad_record_mac
> 5 0.0073 (0.0002) S>C TCP FIN
> 5 0.0079 (0.0006) C>S TCP FIN
> New TCP connection #6: 10.188.33.199(1494) <-> pay8rly2.turner.com(443)
> Version 2 Client.
> 6 0.0036 (0.0036) C>S TCP FIN
> 6 0.0037 (0.0001) S>C TCP FIN
>
>
>
>
> Apache config stuff:
>
> SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
> downgrade-1.0 force-response-1.0
>
>
> SSLSessionCache shm:/logs/https-relay.ssl_session_cache(512000)
> SSLSessionCacheTimeout 300
> SSLMutex sem
> SSLRandomSeed startup builtin
> SSLRandomSeed connect builtin
>
> I have tried the following as well:
>
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLProtocol all -SSLv3
>
>
>
> to no avail.
>
> Seems to work on all other OS's
>
>
>
>
>
> --
> Brian Akins
> Lead Systems Engineer
> CNN Internet Technologies
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
--
F. Grant Robertson
m: 404.388.9797
o: 678-388-9048
e: me at grantrobertson.com
w: http://grantrobertson.com/
More information about the Ale
mailing list