Bookmarks

Yahoo Gmail Google Facebook Delicious Twitter Reddit Stumpleupon Myspace Digg

Search queries

sqldatasource dal, wwwxxxenden, convert raid5 to raid 10 mdadm, apache force chunked, nrao wwwxxx, xxxxxdup, procmail change subject header, wwwXxx not20, Wwwxxx.doks sas, linux raid resync after reboot

Links

XODOX
Impressum

#1: SSLv3 alone (without TLSv1) does not work from client browser

Posted on 2010-09-13 23:21:59 by Dan.Hintz

--_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01p ol_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

In our Apache conf file, we have the following directives:

SSLProtocol -all +SSLv3 +TLSv1
SSLCipherSuite ALL:!DH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eN =
ULL:!aNULL

When we use a browser (Internet Explorer, or Firefox) to connect, it will w=
ork if we have both SSLv3 and TLSv1 configured within the browser. But, wh=
en we remove the TLSv1, we cannot connect.

Does anyone know what could be the problem?

Thanks in advance,
Dan


--_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01p ol_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-micr=
osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:x=3D"urn:schemas-microsoft-com:office:excel" xmlns:p=3D"urn:schemas-m=
icrosoft-com:office:powerpoint" xmlns:a=3D"urn:schemas-microsoft-com:office=
:access" xmlns:dt=3D"uuid:C2F41010-65B3-11d1-A29F-00AA00C14882" xmlns:s=3D"=
uuid:BDC6E3F0-6DA3-11d1-A2A3-00AA00C14882" xmlns:rs=3D"urn:schemas-microsof=
t-com:rowset" xmlns:z=3D"#RowsetSchema" xmlns:b=3D"urn:schemas-microsoft-co=
m:office:publisher" xmlns:ss=3D"urn:schemas-microsoft-com:office:spreadshee=
t" xmlns:c=3D"urn:schemas-microsoft-com:office:component:spread sheet" xmlns=
:odc=3D"urn:schemas-microsoft-com:office:odc" xmlns:oa=3D"urn:schemas-micro=
soft-com:office:activation" xmlns:html=3D"http://www.w3.org/TR/REC-html40" =
xmlns:q=3D"http://schemas.xmlsoap.org/soap/envelope/" xmlns:rtc=3D"http://m=
icrosoft.com/officenet/conferencing" xmlns:D=3D"DAV:" xmlns:Repl=3D"http://=
schemas.microsoft.com/repl/" xmlns:mt=3D"http://schemas.microsoft.com/share=
point/soap/meetings/" xmlns:x2=3D"http://schemas.microsoft.com/office/excel=
/2003/xml" xmlns:ppda=3D"http://www.passport.com/NameSpace.xsd" xmlns:ois=
=3D"http://schemas.microsoft.com/sharepoint/soap/ois/" xmlns:dir=3D"http://=
schemas.microsoft.com/sharepoint/soap/directory/" xmlns:ds=3D"http://www.w3=
..org/2000/09/xmldsig#" xmlns:dsp=3D"http://schemas.microsoft.com/sharepoint=
/dsp" xmlns:udc=3D"http://schemas.microsoft.com/data/udc" xmlns:xsd=3D"http=
://www.w3.org/2001/XMLSchema" xmlns:sub=3D"http://schemas.microsoft.com/sha=
repoint/soap/2002/1/alerts/" xmlns:ec=3D"http://www.w3.org/2001/04/xmlenc#"=
xmlns:sp=3D"http://schemas.microsoft.com/sharepoint/" xmlns:sps=3D"http://=
schemas.microsoft.com/sharepoint/soap/" xmlns:xsi=3D"http://www.w3.org/2001=
/XMLSchema-instance" xmlns:udcs=3D"http://schemas.microsoft.com/data/udc/so=
ap" xmlns:udcxf=3D"http://schemas.microsoft.com/data/udc/xmlfile " xmlns:udc=
p2p=3D"http://schemas.microsoft.com/data/udc/parttopart" xmlns:wf=3D"http:/=
/schemas.microsoft.com/sharepoint/soap/workflow/" xmlns:dsss=3D"http://sche=
mas.microsoft.com/office/2006/digsig-setup" xmlns:dssi=3D"http://schemas.mi=
crosoft.com/office/2006/digsig" xmlns:mdssi=3D"http://schemas.openxmlformat=
s.org/package/2006/digital-signature" xmlns:mver=3D"http://schemas.openxmlf=
ormats.org/markup-compatibility/2006" xmlns:m=3D"http://schemas.microsoft.c=
om/office/2004/12/omml" xmlns:mrels=3D"http://schemas.openxmlformats.org/pa=
ckage/2006/relationships" xmlns:spwp=3D"http://microsoft.com/sharepoint/web=
partpages" xmlns:ex12t=3D"http://schemas.microsoft.com/exchange/service s/20=
06/types" xmlns:ex12m=3D"http://schemas.microsoft.com/exchange/service s/200=
6/messages" xmlns:pptsl=3D"http://schemas.microsoft.com/sharepoint/soap/ Sli=
deLibrary/" xmlns:spsl=3D"http://microsoft.com/webservices/SharePointPor tal=
Server/PublishedLinksService" xmlns:Z=3D"urn:schemas-microsoft-com:" xmlns:=
st=3D"&#1;" xmlns=3D"http://www.w3.org/TR/REC-html40">

<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Dus-ascii"=
>
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal;
font-family:"Segoe UI","sans-serif";
color:windowtext;
font-weight:normal;
font-style:normal;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Segoe UI","sans-serif";
color:#984806;
font-weight:normal;
font-style:normal;}
..MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
-->
</style>
<!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]-->
</head>

<body lang=3DEN-US link=3Dblue vlink=3Dpurple>

<div class=3DWordSection1>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>In=
our
Apache conf file, we have the following directives:<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'><o=
:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>SS=
LProtocol
-all +SSLv3 +TLSv1<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>SS=
LCipherSuite
ALL:!DH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP:!eN ULL:!aNULL<o:p>=
</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'><o=
:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>Wh=
en we
use a browser (Internet Explorer, or Firefox) to connect, it will work if w=
e
have both SSLv3 and TLSv1 configured within the browser.&nbsp; But, when we
remove the TLSv1, we cannot connect.<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'><o=
:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>Do=
es
anyone know what could be the problem?<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'><o=
:p>&nbsp;</o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>Th=
anks in
advance,<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'>Da=
n<o:p></o:p></span></p>

<p class=3DMsoNormal><span style=3D'font-family:"Segoe UI","sans-serif"'><o=
:p>&nbsp;</o:p></span></p>

</div>

</body>

</html>

--_000_132C7B325F671542B8CA2F02A1FFAF1F46708DC6CRPMBOXPRD01p ol_--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Report this message