You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@httpd.apache.org by "Nazzaro, Mark (Mark)" <mn...@lucent.com> on 2001/12/11 23:01:00 UTC
RE: Apache SSL error
Milon,
FYI. It turned out to be an issue with the clients. We were using LoadRunner
to test our web site and the wininet setting needed to be selected.
Basically, the setting tells LoadRunner to use IE's dlls instead of its own.
We were also having problems with a version of Netscape 4.08. The version
was an international version so it only had a couple of ciphers. It works on
production with SSLv2 and on development with SSLv3 and SSLv2. We are still
trying to figure out why that is so.
Thanks for the help.
Mark Nazzaro
eAssociate
Lucent Technologies
Phone: (908) 559-6105
-----Original Message-----
From: Milon Papezik [mailto:Milon.Papezik@oskarmobil.cz]
Sent: Wednesday, November 28, 2001 10:42 AM
To: Nazzaro, Mark (Mark)
Subject: RE: Apache SSL error
Hi Mark,
I am afraid you'll have to dig into SSL libraries (which should not be that
difficult given the error message).
I realized now, that our problem started when we used our Verisign
certificate with the first version of openssl
which was checking the certificate type (with an error in the check).
I am sorry that I can not help more, I hope you will receive better answer
from developers withi OpenSSL community.
Still I am very interested in what caveat stops you and what will be the
resolution.
I keep my fingers crossed for you!
Milon
--
milon.papezik@oskarmobil.cz
> -----Original Message-----
> From: Nazzaro, Mark (Mark) [mailto:mnazzaro@lucent.com]
> Sent: Wednesday, November 28, 2001 16:01
> To: 'Milon Papezik'
> Subject: RE: Apache SSL error
>
>
> I am using a real cert on both machines. We have an internal
> certificate
> authority which I used for both. The only difference is that
> production is
> using Round-Robin and development is not.
>
> Mark Nazzaro
> eAssociate
> Lucent Technologies
> Phone: (908) 559-6105
>
>
> -----Original Message-----
> From: Milon Papezik [mailto:Milon.Papezik@oskarmobil.cz]
> Sent: Wednesday, November 28, 2001 9:57 AM
> To: Nazzaro, Mark (Mark); Milon Papezik
> Subject: RE: Apache SSL error
>
>
> Do you use the same certificate on both macines or do you use
> Apache self-signed certificate on development and Real-one on
> production ?
>
> Thanks,
> Milon
>
>
> > -----Original Message-----
> > From: Nazzaro, Mark (Mark) [mailto:mnazzaro@lucent.com]
> > Sent: Wednesday, November 28, 2001 15:51
> > To: 'Milon Papezik'
> > Subject: RE: Apache SSL error
> >
> >
> > That explanation sounds logical but then why would it not be
> > consistent? I
> > have development running the same version and the browser
> > works just fine.
> > Any help is much appreciated.
> >
> > Mark Nazzaro
> > eAssociate
> > Lucent Technologies
> > Phone: (908) 559-6105
> >
> >
> > -----Original Message-----
> > From: Milon Papezik [mailto:Milon.Papezik@oskarmobil.cz]
> > Sent: Wednesday, November 28, 2001 8:48 AM
> > To: Nazzaro, Mark (Mark)
> > Subject: RE: Apache SSL error
> >
> >
> > Hi Mark,
> >
> > I believe that the upgrade from 0.9.5 to 0.9.6 (and
> > preferrably 0.9.6b)
> > would solve your problem.
> >
> > The problem was with the certificate stating that it is only
> > for server (the
> > cerificate type)
> > and this is what makes OpenSSL library unhapy (there is some
> > errorneous test
> > inside library).
> >
> > Also IIRC there were some security related fixes between
> > Apache 1.3.19 and
> > 1.3.20+.
> > I would recomend going with the newer version, unless there
> > is some Oracle
> > re;ated dependency.
> >
> > I hope this will help you. Please let me know the result/solution.
> >
> > Have a nice day,
> > Milon
> > --
> > milon.papezik@oskarmobil.cz
> >
> > > -----Original Message-----
> > > From: Nazzaro, Mark (Mark) [mailto:mnazzaro@lucent.com]
> > > Sent: Wednesday, November 28, 2001 14:04
> > > To: 'Milon Papezik'
> > > Subject: RE: Apache SSL error
> > >
> > >
> > > Thanks for the information. Here is my version:
> > > [Tue Nov 27 23:58:11 2001] [notice] Oracle HTTP Server Powered by
> > > Apache/1.3.19 (Unix) mod_ssl/2.8.1 OpenSSL/0.9.5a
> > >
> > >
> > > Mark Nazzaro
> > > eAssociate
> > > Lucent Technologies
> > > Phone: (908) 559-6105
> > >
> > >
> > > -----Original Message-----
> > > From: Milon Papezik [mailto:Milon.Papezik@oskarmobil.cz]
> > > Sent: Tuesday, November 27, 2001 6:30 PM
> > > To: Nazzaro, Mark (Mark)
> > > Subject: RE: Apache SSL error
> > >
> > >
> > > Hi Mark,
> > >
> > > if I remember correctly it was a problem which disappeared
> > > after upgrading
> > > to recent openssl.
> > > What is your FreeBSD/openssl version ? I think it was
> > > arround 4.2(-STABLE)
> > > and pre 0.9.6(ab?).
> > >
> > > Milon
> > > --
> > > milon.papezik@oskarmobil.cz
> > >
> > > > -----Original Message-----
> > > > From: Nazzaro, Mark (Mark) [mailto:mnazzaro@lucent.com]
> > > > Sent: Tuesday, November 27, 2001 17:26
> > > > To: 'milon.papezik@oskarmobil.cz'
> > > > Subject: Apache SSL error
> > > >
> > > >
> > > > Milon,
> > > > I noticed that you were receiving the same error message as
> > > > me. Did you ever
> > > > figure out what the issue was? Here is what we are receiving
> > > > in our logs:
> > > > We are getting the following error messages in our Apache
> > error_log:
> > > > [Wed Nov 21 08:43:40 2001] [error] mod_ssl: SSL handshake
> > > > failed (server
> > > > mylucent.web.lucent.com:443, client 135.103.93.70) (OpenSSL
> > > > library error
> > > > follows)
> > > > [Wed Nov 21 08:43:40 2001] [error] OpenSSL:
> > error:27066221::lib(39)
> > > > :func(102) :reason(545)
> > > > [Wed Nov 21 08:43:40 2001] [error] OpenSSL:
> > error:1409B004::lib(20)
> > > > :func(155) :reason(4)
> > > >
> > > > Any help would be greatly appreciated.
> > > >
> > > > Thanks,
> > > >
> > > > Mark Nazzaro
> > > > eAssociate
> > > > Lucent Technologies
> > > > Phone: (908) 559-6105
> > > >
> > >
> >
>
---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org